January 1, 2020


BackConnects Suspicious BGP Hijacks


Talk Title: BackConnects Suspicious BGP Hijacks
Speakers: Doug Madory (Dyn)
Conference: NANOG68
Location: Dallas, Texas
Date: Oct 17 2016 - Oct 19 2016

In early September 2016, security blogger Brian Krebs broke a story about an Israeli DDoS-for-hire service, vDOS, which had been hacked, revealing “tens of thousands of paying customers and their (DDoS) targets.” Afterwards, Krebs noticed that vDOS itself was also a victim of a recent BGP hijack from a company called BackConnect. The CEO of BackConnect defended this act as justifiable and said it was a one-time event. Krebs then contacted Dyn for some assistance in researching what appeared to be a series of BGP hijacks conducted by BackConnect over the past year. What emerges from this analysis is that the hijack against vDOS probably wasn’t the first one conducted by BackConnect. This talk will review multiple incidents where it appears that BackConnect used BGP hijacks and, via the use of forged AS paths, sometimes obscured their involvement in this activity. Separately, this raises the philosophical question of whether there could be justification for a “defensive” BGP hijack.

This talk will draw on the analysis in the following blog posts:

http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
http://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/
