Global Financial Giant Victim of IP Hijacking

The Internet has completely changed the way financial information is delivered and transactions are performed, and it has become the conduit of choice for banks, credit card companies, insurance companies, stock exchanges, stock brokers and other financial institutions around the world. In the financial world, fast and reliable delivery of information and orders is of the utmost importance. Not only is the absolute time it takes for information to arrive at its destination crucial, but also the relative time compared to the same information reaching others. Frequently, companies are contractually obligated to ensure no customer gets an unfair advantage by receiving information before anyone else. If this happens, they are liable for serious penalties, extortion and customer abandonment.

These organizations go to great lengths to protect this information from prying eyes, and they invest resources and effort in defending themselves against cyber-attacks that attempt to gain access to their systems. However, not all cyber-attacks try to gain access directly within the organization. There exists a different kind of attack which is significantly underestimated.

Global Financial Institution Traffic Hijacked Between Europe and Japan

In April of 2017, BGProtect detected the hijacking of traffic belonging to a significant financial-market institution on its way from Sweden and Norway to Japan. During normal operation, all traffic between these sites was routed through New York and California to Japan. During the attack, the traffic was hijacked to China and then returned to its intended destination in Japan via Hong Kong. In addition to being a serious security risk, this hijacking caused an additional routing delay of over 2 seconds, where normally delays would be measured in milliseconds. Maps of this IP hijacking incident can be seen in Fig. 1.

In May of 2017, traffic from Brussels to the same institution in Japan was hijacked to Russia over a period of 20 minutes. For comparison, traffic delivered at the same time from the same location in Brussels was routed directly to Hong Kong without incident. A comparison of the Japanese and Hong Kong routes is visible in Fig. 2.

Fig. 1: Map Showing Normal and Hijacked Routes Between Sweden and Japan

Fig. 2: Map Showing Deflected Routing via Moscow
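
Both incidents above showed up in the data plane as a detour through countries the traffic does not normally cross, and in the first case as a delay of seconds instead of milliseconds. The following is an added example, not BGProtect's method or code from the original article: it compares traceroute results against a baseline learned from known-good traces, assuming each hop has already been geolocated to a country code. The `Trace` fields, function names, vantage-point labels and all sample values are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Trace:
    src: str          # vantage point (hypothetical label)
    dst: str          # monitored destination (hypothetical label)
    countries: tuple  # geolocated country code of each hop, in path order
    rtt_ms: float     # end-to-end round-trip time

def build_baseline(traces):
    """Per (src, dst): countries seen in known-good traces and the median RTT."""
    seen, rtts = defaultdict(set), defaultdict(list)
    for t in traces:
        seen[(t.src, t.dst)].update(t.countries)
        rtts[(t.src, t.dst)].append(t.rtt_ms)
    return {k: (frozenset(seen[k]), median(rtts[k])) for k in seen}

def assess(trace, baseline, rtt_factor=3.0):
    """Return findings for one trace; an empty list means it matches the baseline."""
    key = (trace.src, trace.dst)
    if key not in baseline:
        return ["no baseline for this vantage point/destination pair"]
    known, typical_rtt = baseline[key]
    findings = []
    # Keep path order and drop duplicates so the detour reads as it was traversed.
    detour = list(dict.fromkeys(c for c in trace.countries if c not in known))
    if detour:
        findings.append("unexpected transit: " + " -> ".join(detour))
    if trace.rtt_ms > rtt_factor * typical_rtt:
        findings.append(f"RTT {trace.rtt_ms:.0f} ms vs typical {typical_rtt:.0f} ms")
    return findings

# Constructed sample data: country codes and RTTs are illustrative, not measurements.
GOOD = [
    Trace("stockholm", "tokyo", ("SE", "US", "US", "JP"), 270.0),
    Trace("stockholm", "tokyo", ("SE", "US", "US", "JP"), 282.0),
    Trace("stockholm", "tokyo", ("SE", "DK", "US", "JP"), 291.0),
]
BASELINE = build_baseline(GOOD)
DEFLECTED = Trace("stockholm", "tokyo", ("SE", "CN", "CN", "HK", "JP"), 2350.0)
SLOW_ONLY = Trace("stockholm", "tokyo", ("SE", "US", "US", "JP"), 900.0)

if __name__ == "__main__":
    for t in (GOOD[0], DEFLECTED, SLOW_ONLY):
        print(t.countries, assess(t, BASELINE) or "ok")
```

A trace that is only slow, with no new transit country, is reported separately from a geographic detour, so congestion and deflection can be triaged differently.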