
SoylentNews is people

posted by janrinok on Monday July 13 2015, @09:08PM
from the it's-only-illegal-if-you-do-it dept.

From Ars: "Spyware service provider Hacking Team orchestrated the hijacking of IP addresses it didn't own to help Italian police regain control over several computers that were being monitored in an investigation"

http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/

Over a six day period in August 2013, Italian Web host Aruba S.p.A. fraudulently announced its ownership of 256 IP addresses into the global routing system known as border gateway protocol, the messages document. Aruba's move came under the direction of Hacking Team and the Special Operations Group of the Italian National Military Police, which was using Hacking Team's Remote Control System malware to monitor the computers of unidentified targets. The hijacking came after the IP addresses became unreachable under its rightful owner Santrex, the "bullet-proof" Web hosting provider that catered to criminals and went out of business in October 2013, according to KrebsOnSecurity.

It's not clear from the e-mails, but they appear to suggest Hacking Team and the Italian police were also relying on Santrex. The emails were included in some 400 gigabytes of proprietary data taken during last weekend's breach of Hacking Team and then made public on the Internet.

With the sudden loss of the block of IP addresses, Italy's Special Operations Group was unable to communicate with several computers that were infected with the Hacking Team malware. The e-mails show Hacking Team support workers discussing how the law enforcement agency could regain control. Eventually, Italian police worked with Aruba to get the block—which was known as 46.166.163.0/24 in Internet routing parlance—announced in the BGP system as belonging to Aruba. It's the first known case of an ISP fraudulently announcing another provider's address space, said Doug Madory, director of Internet analysis at Dyn Research, which performs research on Internet performance.

Also covered by Brian Krebs:

http://krebsonsecurity.com/2015/07/hacking-team-used-spammer-tricks-to-resurrect-spy-network/


  • (Score: 2) by ls671 (891) on Tuesday July 14 2015, @09:08AM (#208799)

    Was BGP even ever under the RADAR?

    Or were we too busy patching bash attacks and ssl, even ssh vulnerabilities last year and before?

    I expect more to come on the BGP side.

    --
    Everything I write is lies, including this sentence.
  • (Score: 2) by Yog-Yogguth (1862) on Tuesday July 14 2015, @12:49PM (#208860)

    I don't, this doesn't look like a bug in BGP because BGP and the internet were built on trust, thus if you break/abuse/misuse trust (in this case: use BGP to lie) you break the internet.

    Now I might be contradicting myself but here's one possible take on that (I don't like it).

    There's no way to avoid it: no matter what one does in the end at some point it always comes down to trust. If anyone disagrees they should think about it thoroughly and afterwards consider the consequences both of this world that requires /some/ trust and a hypothetical one where trust wasn't needed (even if you were the last person alive you would still have to trust).

    And how difficult do we wish to make things for ourselves? We got where we are because more often than not any exception was treated as normative rather than aberrant i.e. denying the unavoidable reliance on trust.

    What level of “trust avoidance” is actually reasonable?

    So how many years is it going to take before people in general realize that this is how all computing and everything else¹ works and that pretty much nothing at all can be trusted any more? In a (stupid) conversation (not on the net) a few weeks ago I claimed most people would realize/understand in a decade or two but that's most likely wrong, it's not like even the people in charge of it realize it right now or they wouldn't keep doing it.

    ¹ It's not like this issue of trust is limited to the topic of computers etc.: societies, institutions, humans (everyone). When trust disappears then most or all value also disappears.

    What will you do if you no longer can (or have any reason to) trust yourself?

    --
    Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))