Without BGP, there is no Internet as we know it. But that doesn’t mean it can’t cause problems—our reliance on the accuracy of the information provided by BGP routers means that anyone who can gain access to one can redirect some portion of online traffic by advertising a sufficiently small set of addresses whose traffic they want to target. In other words, if you want access to some piece of online traffic directed to someone else, you can use BGP to announce that you will deliver it to its intended recipients—in the same way that Comcast announces it can deliver traffic to me—and the rest of the Internet will believe you. So this is probably what happened in the bitcoin theft incidents investigated by SecureWorks—the thief used the credentials of someone who worked at a Canadian ISP to send out false routing announcements. Using those announcements, the thief redirected the traffic of groups dedicated to bitcoin mining and was able to retain the bitcoins harvested by those groups’ machines rather than paying them out to the owners of the mining computers.
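Why a small announced block wins, and how origin validation in the style of RFC 6811 flags it, shown as an added example that is not part of the original article. The prefixes, AS numbers and records are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed ROA-style records: (prefix, max_length, authorized origin AS).
# Prefixes are documentation ranges and AS numbers are documentation ASNs.
ROAS = [("203.0.113.0/24", 24, 64500)]

# Constructed announcements as a route collector might see them: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),    # the legitimate holder
    ("203.0.113.128/25", 64511),  # smaller block from an unexpected origin
    ("192.0.2.0/24", 64501),      # no record covers this prefix
]

def validate(prefix, origin, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # some record speaks for this address space
        if route.prefixlen <= max_len and origin == roa_as:
            return "valid"
    return "invalid" if covered else "not-found"

def selected_origin(dest, announcements):
    """Origin AS chosen by longest-prefix match for one destination address."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in announcements
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def filtered(announcements):
    """Drop announcements that origin validation marks invalid."""
    return [(p, a) for p, a in announcements if validate(p, a) != "invalid"]

if __name__ == "__main__":
    for p, a in ANNOUNCEMENTS:
        print(p, a, validate(p, a))
    # Unfiltered, the /25 is the most specific match for this address.
    print(selected_origin("203.0.113.200", ANNOUNCEMENTS))
    # With invalid routes dropped, traffic follows the legitimate /24 again.
    print(selected_origin("203.0.113.200", filtered(ANNOUNCEMENTS)))
```

The "not-found" result shows the limit of this check: a prefix with no published record cannot be judged either way.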