Internet-scale 'man in the middle' attack disclosed

A researcher has found a nearly invisible way to redirect network traffic through an attacker's network using existing network protocols.

Correction at 3:15 p.m. PDT: This post initially misstated the meaning in this context of ASN. It stands for Autonomous System Notation.

In Black Hat's October Webinar on Thursday, Anton Kapela, datacenter manager at 5Nines Data, spoke about Internet-scale "man in the middle" attacks.

The talk reprised a last-minute substitution presentation he gave along with Alexander Pilosov at this year's Defcon conference in August . During the conference, the two researchers intercepted all conference Internet traffic at the Riviera Hotel in Las Vegas and ran it through their servers. According to Black Hat founder and director Jeff Moss, most attendees didn't realizing this was being done.

"This is an emergent vulnerability," said Kapela in the Webinar. "It only becomes apparent in thousands of networks, not one." He took effort to explain that this is really a condition of the Internet today. "I'm not talking about any particular failing, or vendor implementation. This is something that happens because we're using it all," he said

Both Kapela and Moss drew parallels between this flaw and Dan Kaminsky's DNS disclosure in July. Moss said that this talk in particular was representative of research being done on the bedrock foundations of the Internet. Lately researchers have been finding faults that could have enormous impact in the future.

Kapela said there is a trust issue with Border Gateway Protocol, and admitted that the hijacking part of his talk isn't new. What is new is that "any network has the ability to facilitate this attack." Kapela and his partner found a feasible return path using Autonomous System Number that provides a way to hop-scotch through an attacker's network on the way back to yours. In a newsgroup thread, Kapela summarized it as "using AS-path loop detection to selectively blackhole the hijacked route which creates a transport path back to the target."

Kapela said this method challenges the conventional thinking that traffic analysis means you have to be local. You could be in China and monitoring static networks in the U.S.

Black Hat has been hosting these Webinars since June , and offers an e-mail address ( to subscribe for updates.

About the author

    As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at or e-mail Robert with your questions and comments.



    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    Hot on CNET

    CNET's giving away a 3D printer

    Enter for a chance to win* the Makerbot Replicator 3D Printer and all the supplies you need to get started.