BGProtect Detects IP Hijacking Attack Against US Law Enforcement Agency

Government agencies the world over regularly communicate over the Internet, often sending sensitive or confidential information not intended for prying eyes. However, numerous unauthorized groups are constantly trying to get their hands on this information. Most agencies are aware of these dangers and invest resources and effort in defending themselves from cyber-attacks that attempt to gain access to their systems. Many operate under a false impression of security, believing they are safe from attempts to compromise their privacy.

Immediately at the onset of traffic monitoring for this new customer, BGProtect's geographic route analysis detected suspicious routing from France to the customer’s destination on the eastern coast of North America via Kiev, Ukraine. The BGP path was legitimate, so it did not trigger BGP monitoring systems. This data-plane hijack exhibits several suspicious factors:

  • Peering between the first two providers in the path in Ukraine is odd, as the French provider is using a tunnel to get to Kiev.

  • Both providers have a presence in several nearby locations: London, Paris, Frankfurt.

  • Routes to other destinations in New England from the same sending machine were taking a safer route through London.
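The checks in this list can be expressed as a small detection routine. The following is an added example, not BGProtect's code: it assumes each traceroute hop has already been geolocated to a city, and the city coordinates, the thresholds, and the choice of New York and Boston as stand-ins for the unnamed destinations are constructed for illustration.

```python
import math

# Approximate (lat, lon) per city: constructed sample data, not measurements.
CITIES = {
    "Paris": (48.86, 2.35), "London": (51.51, -0.13), "Kiev": (50.45, 30.52),
    "New York": (40.71, -74.01), "Boston": (42.36, -71.06),
}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def stretch(hops):
    """Hop-by-hop path length divided by the direct source-to-destination distance."""
    pts = [CITIES[h] for h in hops]
    travelled = sum(haversine_km(p, q) for p, q in zip(pts, pts[1:]))
    return travelled / haversine_km(pts[0], pts[-1])

def worst_detour(hops):
    """Intermediate hop that adds the most distance compared with skipping it."""
    pts = [CITIES[h] for h in hops]
    extra = {}
    for i in range(1, len(pts) - 1):
        via = haversine_km(pts[i - 1], pts[i]) + haversine_km(pts[i], pts[i + 1])
        extra[hops[i]] = via - haversine_km(pts[i - 1], pts[i + 1])
    return max(extra, key=extra.get)

def flag_route(hops, sibling_routes, max_stretch=1.3, sibling_margin=0.2):
    """Flag a route that is geographically long AND clearly worse than routes
    from the same source to nearby destinations (thresholds are assumptions)."""
    s = stretch(hops)
    baseline = min(stretch(r) for r in sibling_routes)
    suspicious = s > max_stretch and (s - baseline) > sibling_margin
    return {"stretch": round(s, 2), "baseline": round(baseline, 2),
            "suspicious": suspicious,
            "detour_hop": worst_detour(hops) if suspicious else None}

# Constructed routes modelled on the case: same sender, two nearby destinations.
SUSPECT = ["Paris", "Kiev", "New York"]
SIBLING = ["Paris", "London", "Boston"]

if __name__ == "__main__":
    print(flag_route(SUSPECT, [SIBLING]))
```

Because the check works on observed forwarding paths rather than BGP announcements, it still fires when the announced AS path looks legitimate.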

Our suspicions were reinforced when the customer notified us that a senior agency employee was traveling to France when the attack occurred. When presented with our report, the agency requested our intervention in resolving the routing issues. Following our request, and armed with the exact identification of the problem, the French provider changed its peering point to Chicago, IL, thereby removing the Kiev portion of the route. The customer was rewarded with a quick resolution of a serious security breach and enjoyed a 20% improvement in round-trip delay, as shown in follow-up monitoring of its traffic.
