The Internet Fabric is Under Constant Attack
By Michael Meyer, CRO, CSO, MRS BPO
We have all heard of the various attacks on businesses: ransomware, business email compromise (BEC) and hacker break-ins at companies and organizations of all sizes. In fact, there seems to be a steady stream of such news almost every day. We hear about these things in the regular news because they have a clear, tangible effect on businesses, people and their customers.
"With the increasing rise of redirections of important and sensitive communications streams, the need has become ever more urgent for a method to secure the routing process and guarantee unmonitored communications"
However, there is another whole class of major attacks taking place on a continual basis on the unseen, loosely interwoven fabric of the internet, away from the reporter's pen, the public's eyes and almost everyone's awareness. These attacks are like parasites that you don't know are there but that are continually leeching blood (information streams) and nutrients (data) from their hosts.
These attacks only come to light when the parasitic hacker makes an error or intentionally disrupts a route to a website, an entire network or a region of a country. You are probably thinking that these are isolated and rare, but they are not. There are over ten thousand such incidents a year, some lasting a few seconds, some minutes or days, and the longest documented case 2.5 years. They range from routing redirections, where some or all traffic is accidentally (through human error) or intentionally misrouted from point A through point C on its way to point B, to outright disruptions. Point A and point B can be in the same country while point C is somewhere else in the world, and most users would not notice because internet links are so fast and the traffic still arrives. This means that a hacker could misroute the traffic of a specific bank, a government agency or an entire country through another place so that the data can be intercepted, recorded and analyzed later, usually for nefarious purposes. Encryption limits what an interceptor can read, but it does not hide who is talking to whom, when and how much, and whoever controls the route can also drop or tamper with the traffic.
In 2017, large amounts of traffic belonging to Mastercard, Visa and many other financial services companies were rerouted through a Russian telecommunications company for unknown reasons. Later that year, traffic from Los Angeles to Washington DC was rerouted through China before it was delivered to Washington DC. More recently, in November 2018, much of the traffic for Google.com was routed through China, Russia and Nigeria, which made Google appear to be down for over an hour. Some experts speculated that it might have been a war-gaming exercise to see whether it could actually be done; others said it could have been a major fat-finger mistake. Either way, whoever was behind it now knows that a major portion of a major internet company can be taken offline with a few keystrokes.
These blatant attacks are dramatically more serious than attacks on an individual company because they can affect not just one domain but many companies, a whole industry, large cities, governments and, in the worst case, an entire country. By now you are probably wondering what we are doing about this incredibly weak internet infrastructure.
The routing backbone of the entire internet is built on a protocol named Border Gateway Protocol (BGP). It was first specified in 1989 through the Internet Engineering Task Force (IETF), right before the modern-day internet took off. This capable and scalable routing protocol may be one of the fundamental reasons the internet was able to expand and handle so much traffic so quickly. It has been updated a few times since, but the version in use today is largely unchanged from the last major revision, BGP-4, in 1995. Security was not a design goal back then: a router accepts whatever routes its neighbors announce and has no built-in way to check that the announcing network actually holds the address space it claims, or that the path it advertises is real. That unconditional trust is exactly what the redirections described above exploit. There have been calls over the years to develop a new protocol, but many technologists say it isn't needed. However, with the increasing rise of redirections of important and sensitive communications streams, the need has become ever more urgent for a method to secure the routing process and guarantee unmonitored communications.
While there isn't a silver bullet, there is a true global initiative that is gaining widespread support: Mutually Agreed Norms for Routing Security (MANRS). It is an industry-supported initiative that gives participating network operators a baseline of security actions in four areas: Filtering (announce and accept only routes that are correct for the networks involved), Anti-Spoofing (block packets with forged source addresses from leaving your network), Coordination (keep contact information current so incidents can be resolved quickly) and Global Validation (publish your routing policy and the prefixes you intend to announce, through RPKI and the Internet Routing Registries, so that others can validate them). So far over 120 major network operators around the world have joined MANRS, half of them in the last year.
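What the Global Validation action buys an operator is a way to answer, for every route a neighbor announces, the question BGP itself never asks: is this origin network actually authorized to announce this prefix? The following is an added example written for this article, not code from MANRS or the author, implementing route origin validation as specified in RFC 6811 against RPKI-style Route Origin Authorizations (ROAs). The prefixes and AS numbers are constructed from the documentation ranges (RFC 5737 prefixes, ASNs 64496-64511), and "the bank" standing behind 203.0.113.0/24 is a stand-in for the kind of victim described above. It shows the more-specific announcement from a foreign network, the pattern behind the redirections in this article, landing in the "invalid" state and being dropped, while a prefix whose owner has published nothing falls through as "not-found".

```python
"""Route origin validation (RFC 6811) against a set of ROAs.

Added example for this article, not code from MANRS or the author.
All prefixes and AS numbers are constructed: RFC 5737 documentation
prefixes and RFC 5398 documentation ASNs (64496-64511).
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_asn may announce `prefix` and any
    more-specific prefix up to `max_length` bits long."""
    prefix: str
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    """A BGP route as seen by a router: the prefix plus its AS_PATH.
    The last element of the path is the origin AS."""
    prefix: str
    as_path: Tuple[int, ...]

    @property
    def origin_asn(self) -> int:
        return self.as_path[-1]


def validate_origin(ann: Announcement, roas: Iterable[ROA]) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'.

    not-found: no ROA covers the announced prefix (nobody published data).
    valid:     some covering ROA names this origin AS and permits a prefix
               this long (prefix length <= max_length).
    invalid:   ROAs cover the prefix, but none matches origin and length.
               A more-specific hijack from a foreign AS lands here.
    """
    route = ipaddress.ip_network(ann.prefix, strict=True)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if roa_net.version != route.version:
            continue
        if route.subnet_of(roa_net):  # equal to, or more specific than, the ROA prefix
            covering.append(roa)
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin_asn == ann.origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def accept(ann: Announcement, roas: Iterable[ROA], drop_not_found: bool = False) -> bool:
    """Typical operator policy: drop 'invalid', accept 'valid', and keep
    'not-found' routes, because dropping them would disconnect every prefix
    whose owner has not yet created a ROA."""
    state = validate_origin(ann, roas)
    if state == "invalid":
        return False
    if state == "not-found":
        return not drop_not_found
    return True


# Constructed sample data: "the bank" (AS64500) authorizes only its exact /24.
ROAS = [
    ROA("203.0.113.0/24", max_length=24, origin_asn=64500),
    ROA("2001:db8::/32", max_length=48, origin_asn=64500),
]

ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", (64496, 64500)),    # legitimate route to the bank
    Announcement("203.0.113.0/25", (64496, 64511)),    # more-specific from a foreign AS: the hijack pattern
    Announcement("203.0.113.0/25", (64496, 64500)),    # right origin, but longer than max_length
    Announcement("198.51.100.0/24", (64496, 64497)),   # no ROA published for this prefix at all
    Announcement("2001:db8:1::/48", (64496, 64500)),   # IPv6 more-specific within max_length
]


def run_demo(roas=ROAS, anns=ANNOUNCEMENTS) -> List[Tuple[str, int, str, bool]]:
    """Return (prefix, origin AS, validation state, accepted?) per announcement."""
    return [(a.prefix, a.origin_asn, validate_origin(a, roas), accept(a, roas)) for a in anns]


if __name__ == "__main__":
    for prefix, origin, state, ok in run_demo():
        print(f"{prefix:20} AS{origin:<6} {state:10} {'accept' if ok else 'drop'}")
```

The max_length field is what makes the third announcement invalid even though it comes from the right origin: a ROA that is more permissive than the prefixes actually announced would let an attacker who forges the origin AS win with a more specific route, so operators are advised to set max_length to the lengths they really announce. Note also that origin validation checks only the last AS in the path; an attacker who prepends the legitimate origin to a forged path passes this check, which is why filtering and coordination with neighbors remain necessary alongside it.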
This is an important step: the more network operators that join and implement these measures, the safer all internet traffic becomes. So far MANRS is the best answer that industry and the governing bodies of the internet have come up with to secure our data, our internet and our interconnected future. Let's hope it is enough.