IP Hijacking Attacks Against Asian Government Ministries

Government ministries around the world transmit and receive massive amounts of data over the Internet, some of it sensitive or confidential and not intended for prying eyes. It is not surprising that numerous interested groups are implementing extensive measures to get their hands on this information. Most governments are aware of these dangers and invest resources and effort in defending themselves from cyber-attacks attempting to gain access to their systems. Many operate under a false impression of security, believing they are safe from attempts to compromise their privacy.

Hijacking Traffic Intended for a Government Ministry in South Korea

During 2016, BGProtect detected the hijacking of traffic sent from Canada to a government ministry in South Korea. During normal operation, all routing between these sites was conducted via an Internet Exchange Point (IXP) in California and from there directly to Seoul. The normal routing of traffic is shown in Fig. 1. However, when the attack began in February of that year, the route was diverted first to China and only then to its intended destination in Seoul, as shown in Fig. 2. In addition to the serious potential exposure to damaging manipulation, all transmissions suffered an increased delay of at least 20%, reaching over 100% on occasion.

Fig. 1: Map Showing Normal Operation Between Canada and Seoul, S. Korea

Fig. 2: Map Showing Deflected Routing via China
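
The two symptoms described above, a new transit country on the path and a delay increase of at least 20%, can be checked against a baseline of earlier measurements. The following is an added illustration, not BGProtect's detection logic; the sample records, field names and function names are constructed for the example.

```python
from statistics import median

# Constructed sample measurements (not BGProtect data): each record is one
# traceroute-style probe from a Canadian vantage point to the Seoul destination,
# with hops already geolocated to country codes and the end-to-end RTT in ms.
BASELINE = [
    {"day": "2016-01-10", "countries": ["CA", "US", "KR"], "rtt_ms": 160.0},
    {"day": "2016-01-17", "countries": ["CA", "US", "KR"], "rtt_ms": 164.0},
    {"day": "2016-01-24", "countries": ["CA", "US", "KR"], "rtt_ms": 158.0},
]
OBSERVED = [
    {"day": "2016-02-03", "countries": ["CA", "US", "KR"], "rtt_ms": 168.0},
    {"day": "2016-02-10", "countries": ["CA", "US", "CN", "KR"], "rtt_ms": 200.0},
    {"day": "2016-02-17", "countries": ["CA", "US", "CN", "KR"], "rtt_ms": 335.0},
    {"day": "2016-02-24", "countries": ["CA", "US", "KR"], "rtt_ms": 240.0},
]

def build_profile(baseline):
    """Learn the set of countries normally transited and the typical RTT."""
    expected = set()
    for probe in baseline:
        expected.update(probe["countries"])
    return {"countries": expected, "rtt_ms": median(p["rtt_ms"] for p in baseline)}

def assess(probe, profile, rtt_threshold=0.20):
    """Classify one probe against the baseline profile."""
    detour = sorted(set(probe["countries"]) - profile["countries"])
    inflation = (probe["rtt_ms"] - profile["rtt_ms"]) / profile["rtt_ms"]
    if detour and inflation >= rtt_threshold:
        verdict = "suspected-hijack"   # new transit country and slower path
    elif detour:
        verdict = "path-deviation"     # new transit country, latency normal
    elif inflation >= rtt_threshold:
        verdict = "latency-anomaly"    # same countries, slower: congestion?
    else:
        verdict = "normal"
    return {"day": probe["day"], "verdict": verdict,
            "new_countries": detour, "rtt_increase_pct": round(inflation * 100, 1)}

def scan(observed, baseline):
    profile = build_profile(baseline)
    return [assess(p, profile) for p in observed]

if __name__ == "__main__":
    for finding in scan(OBSERVED, BASELINE):
        print(finding)
```

Requiring both signals keeps ordinary congestion (the last sample probe) from being reported as a hijack, while a path change alone is still surfaced for review.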

Government Ministry in Vietnam Under Attack

At the request of a customer, BGProtect began monitoring the routing of internet traffic to a specific ministry of the Vietnamese government. In mid-June of 2016 we detected that traffic originating in Italy on its way to Vietnam was being hijacked to China. Within a week, traffic originating in many other locations throughout Europe and North America destined for the same Vietnamese ministry was also being hijacked to China. In a screenshot from our system, Fig. 3 shows multiple origins of traffic (depicted by squares) destined for Vietnam. Any square not colored in green portrays traffic being deflected via China. On the 30th of June, all hijacking abruptly ended and the routing returned to normal.

Fig. 3: Map Showing Origins of Traffic That Was Re-routed via China

The significance of this hijacking cannot be overemphasized. Left undetected and unattended, serious damage could have been inflicted upon the ministry, including unauthorized access to classified information and any type of Man-In-The-Middle manipulation.

