Wired has the story of the latest major security hole on the internet, the routing protocol BGP:
Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet’s core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.
This is the second major security flaw found in the core protocols that govern how the internet routes packets of information around the world. Earlier this year, issues with the DNS protocol were revealed and shown to be a significant security issue.
The core issue security researchers face with the DNS and BGP protocol issues is one of trust. Both security “holes” exist because when the protocols were originally developed they assumed that any node on the internet could be trusted. But in today’s world of botnets and black-hat hackers, it’s clear that many internet nodes simply can’t be trusted. But the protocols have never been updated…
Unfortunately, a solution to both of these issues may be a long way down the road:
Douglas Maughan, cybersecurity research program manager for the DHS’s Science and Technology Directorate, has helped fund research at BBN and elsewhere to resolve the BGP issue. But he’s had little luck convincing ISPs and router vendors to take steps to secure BGP.