BackConnects Suspicious BGP Hijacks
| Field | Value |
| --- | --- |
| Talk Title | BackConnects Suspicious BGP Hijacks |
| Speakers | Doug Madory (Dyn) |
| Conference | NANOG68 |
| Location | Dallas, Texas |
| Date | Oct 17 2016 - Oct 19 2016 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | Talk Video |
In early September 2016, security blogger Brian Krebs broke a story about an Israeli DDoS-for-hire service, vDOS, which had been hacked, revealing “tens of thousands of paying customers and their (DDoS) targets.” Afterwards, Krebs noticed that vDOS itself was also a victim of a recent BGP hijack from a company called BackConnect. The CEO of BackConnect defended this act as justifiable and said it was a one-time event.

Krebs then contacted Dyn for some assistance in researching what appeared to be a series of BGP hijacks conducted by BackConnect over the past year. What emerges from this analysis is that the hijack against vDOS probably wasn’t the first one conducted by BackConnect.

This talk will review multiple incidents where it appears that BackConnect used BGP hijacks and, via the use of forged AS paths, sometimes obscured their involvement in this activity. Separately, this raises the philosophical question of whether there could be justification for a “defensive” BGP hijack.

This talk will draw on the analysis in the following blog posts:

- http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
- http://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/