Friday, June 9, 2017

BACKCONNECT’S SUSPICIOUS BGP HIJACKS


In early September 2016, a story was published about an Israeli DDoS-for-hire service, vDOS, which had been hacked, revealing “tens of thousands of paying customers and their (DDoS) targets.” Afterwards, vDOS itself was also the victim of a recent BGP hijack by a company called BackConnect. The CEO of BackConnect defended this act as justifiable and said it was a one-time event. Dyn provided some assistance in researching what appeared to be a series of BGP hijacks conducted by BackConnect over the past year. What emerges from this analysis is that the hijack against vDOS probably wasn’t the first one conducted by BackConnect. This talk will review multiple incidents where it appears that BackConnect used BGP hijacks and, via the use of forged AS paths, sometimes obscured its involvement in this activity. Separately, this raises the philosophical question of whether there could be justification for a "defensive" BGP hijack.
by Kaspersky Lab via Endless Supplies .Us - Brands
