By Drew FitzGerald 

An old problem at the core of the Internet is getting more attention, as a growing number of data breaches expose the Web's weaknesses.

The security gap derives from a flaw in the language that expensive network routers use to figure out how to shuttle digital information to its destination. Machines rely on this chatter among the carrier-grade routers for a map of the Internet, and most network operators have the ability to recommend changes with little verification, leaving traffic vulnerable to bogus information.

This summer, torrents of traffic from U.S. carrier Level 3 Communications Inc. took a detour through Telekom Malaysia, disrupting service to millions of users. And in June, Two Sigma Investments LLC, a $29 billion New York hedge fund, discovered some traffic destined for its unused Web addresses was claimed by a network operator registered in St. Petersburg, Russia, though the hedge fund said the event was little more than an inconvenience.

Engineers and security experts say attackers are increasingly using this method to manipulate Internet traffic. U.S. government officials worry that hackers with access to the right network equipment could do more serious damage by altering this map of routes, which is controlled by a language known as border gateway protocol, or BGP.

"There's good evidence that people are playing serious malicious games with the routing table," said Steven Bellovin, a Columbia University computer science professor who investigated early Internet security loopholes at Bell Labs. "I think that the risks are very serious."

Using BGP flaws to trick carriers into rerouting their clients' data could let someone steal proprietary information, eavesdrop on confidential traffic or send information into cyber oblivion, rendering it unreachable, according to security experts.

The Internet is rife with all kinds of cyberattacks. Denial-of-service attacks--when assailants flood networks with junk traffic--make websites unavailable and are among the most common techniques. The number of such attacks more than doubled to 2,150 in the second quarter of 2015, according to network security provider Akamai Technologies Inc.

Lawmakers addressed fears over cyber attacks Tuesday, with the Senate passing a bill to encourage companies to share more information about compromised networks.

Internet analysis firm Dyn Inc. says corporate clients are taking a deeper interest in BGP problems. Doug Madory, the firm's director of Internet analysis, says he sees as many as 20 of these events every day.

Researchers have documented cases where data intended to travel just a few miles veered off on detours spanning continents. A 2012 Department of Homeland Security report found countries including China, Russia, Kazakhstan and South Korea had "announced" pathways to U.S. government networks that actually led back to foreign addresses.

BGP traces its roots to the 1980s, when digital communication was still nascent. Academic institutions that made up the early Internet developed the language to make it easier for machines to keep track of each other's networks. The system is based on the assumption that other parties can be trusted and as a result has few built-in checks.

Engineers have been working on a solution that would add a verification step for changes to BGP's map of routes. Currently, anyone with a high-end router and a business-class broadband connection can suggest a better path for traffic, and that suggestion often gets replicated across the world's network routers. The fix would encrypt each route change so a router could verify that an alteration came from a trusted source--a potentially pricey upgrade for Internet providers.

The solution--which is so complex that it has taken almost a decade to devise--is in its final stages of development but still might not be ready for years.

"It's something that we need to work on now and not wait until someone decides to launch something widespread and massive," said security researcher Sandra Murphy, a specialist at defense contractor Parsons Corp., who co-chairs the group of engineers working on a fix.

Misrouted Internet traffic is public and easy to spot, but its causes vary and many stem from programming mistakes.
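The verification step described a few paragraphs above, and the observation that misrouted traffic is easy to spot, can both be illustrated with a small route-origin check. This is an added example, not code from the article or from the engineering group it mentions. It assumes a constructed table of which network (identified by its AS number) is authorised to originate each address block, and a handful of constructed route announcements; the real system keeps such authorisations in signed form, which is omitted here. Each announcement is classified as valid, invalid (the origin does not match, or the announced block is more specific than the holder allows) or unknown (no record covers it).

```python
# Added example, not from the article: a simplified route-origin check.
# The authorisation table and the announcements are constructed for illustration.
import ipaddress

# Constructed authorisation records: (address block, authorised origin AS,
# longest prefix length the holder permits to be announced from that block).
AUTHORIZED_ORIGINS = [
    ("203.0.113.0/24", 64500, 24),
    ("198.51.100.0/22", 64501, 24),
]

# Constructed sample announcements: (announced block, AS path with the
# originating network last). ASNs and blocks are documentation/reserved values.
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64496, 64500]),   # origin matches the record
    ("203.0.113.0/24", [64496, 64502]),   # same block, unexpected origin
    ("198.51.100.0/24", [64497, 64501]),  # more specific, but within the permitted length
    ("198.51.100.0/25", [64497, 64501]),  # more specific than the holder permits
    ("192.0.2.0/24", [64498, 64503]),     # no record covers this block
]


def validate_origin(prefix, as_path, table=AUTHORIZED_ORIGINS):
    """Classify one announcement as 'valid', 'invalid' or 'unknown'.

    A record covers an announcement when the announced block lies inside the
    record's block. The announcement is valid if any covering record names the
    same origin AS and permits the announced prefix length; invalid if records
    cover it but none match; unknown if nothing covers it.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covering = []
    for auth_prefix, auth_as, max_len in table:
        auth_net = ipaddress.ip_network(auth_prefix)
        # subnet_of() only compares networks of the same IP version.
        if net.version == auth_net.version and net.subnet_of(auth_net):
            covering.append((auth_as, max_len))
    if not covering:
        return "unknown"
    for auth_as, max_len in covering:
        if auth_as == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid"


def triage(announcements, table=AUTHORIZED_ORIGINS):
    """Run validate_origin over a batch and return (prefix, path, verdict) rows."""
    return [(p, path, validate_origin(p, path, table)) for p, path in announcements]


if __name__ == "__main__":
    for prefix, path, verdict in triage(SAMPLE_ANNOUNCEMENTS):
        print(f"{prefix:18} origin AS{path[-1]:<6} -> {verdict}")
```

The two "invalid" rows are the cases an operator would want alerted on: a block announced by a network that is not its holder, and a more-specific announcement that would win the routing decision even though the holder never permitted it. "Unknown" rows are not evidence of anything wrong; they only show the limits of the authorisation data.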

Telekom Malaysia said its June network outage began when a bad configuration cascaded through its network and on to routes that carried international traffic. Level 3 said the company has adopted corrective actions.

For Two Sigma, Russian network activity didn't interfere with any of its trading communication, which doesn't travel over the public Internet. The hedge fund was alerted to the June diversion by its cyber security firm. A Two Sigma spokeswoman said the incident "posed absolutely no threat to Two Sigma or its investors."

Other attacks look more suspicious. Last year, researchers at Dell SecureWorks found that an attacker had used this technique to siphon off at least $83,000 in profits from virtual currencies like Bitcoin. The attacker had rerouted many of the paths used to claim the electronic currencies to network addresses in Canada.


(END) Dow Jones Newswires

October 27, 2015 19:52 ET (23:52 GMT)

Copyright (c) 2015 Dow Jones & Company, Inc.