This is a deeply technical but potentially very troubling story. Imagine one day you’re using the Internet the same way you do every day. Reading the news, shopping, sending email, checking your bank and credit card balances. Maybe even doing some work for your employer.
Typically, but not always, the bits being sent from your computer, tablet or phone will flow from where you are to where they need to be via the most direct route available.
But what if they didn’t? What if someone slipped in between you and the various servers you’re connecting with and diverted your traffic elsewhere, funneling it through a choke point of their choosing, so they could capture, copy and analyze it? Your data takes some extra — and imperceptible — milliseconds to get where it’s going and ultimately everything you’re doing online works just fine. But your traffic has been hijacked by parties unknown and you’re none the wiser that it has happened.
In network security circles, this is what’s known as a Man-In-The-Middle attack. And for years it has been understood to be possible in theory, but never seen in practice. That changed earlier this year when someone — it’s unclear who — diverted Internet traffic from some 150 cities around the world through networks in Belarus and Iceland.
The troubling disclosure came yesterday from the research company Renesys. The firm specializes in tracking the operational health of global Internet infrastructure. When Internet traffic goes down in one country or another, whether because of a natural disaster or political unrest, Renesys is usually among the first to see it.
The attack — and Renesys maintains that it was an attack — targeted large Internet carriers in every major city in the U.S. and numerous major cities in Europe and around the world. (See their map here.)
The first incident took place during most of the month of February, when Internet traffic was silently redirected through an Internet service provider called GlobalOneBel, based in the Belarusian capital, Minsk. The targets of these attacks included financial institutions, government agencies and network service providers.
Renesys tracked the attacks as they happened. Here’s how its CTO Jim Cowie described one:
20131120/how-somebody-forced-the-worlds-internet-traffic-through-belarus-and-iceland/
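The diversion described above leaves no trace at the endpoints, but it is visible in the routing system to anyone watching route announcements from several vantage points, which is how Renesys tracked it. The following is an added example, not code from the original article or from Renesys: a minimal route-monitoring check that flags a prefix whose path now runs through an AS that is not one of its known transits, or that is being announced as a more-specific prefix. It assumes the redirection is done at the routing layer (BGP announcements), and every prefix, AS number and observation in it is constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    vantage: str      # route collector that saw the announcement (constructed)
    prefix: str       # announced prefix
    as_path: tuple    # AS path, leftmost = collector's peer, rightmost = origin

# Constructed baseline for one prefix we operate: its legitimate origin AS
# and the only ASes that should ever sit directly in front of that origin.
EXPECTED = {
    "203.0.113.0/24": {"origin": 64500, "transit": {64496, 64497}},
}

# Constructed observations (all ASNs from the private range). The last two
# show the diversion pattern: a foreign AS (65001) inserted next to our
# origin, and a more-specific prefix that pulls traffic toward that AS.
OBSERVATIONS = [
    Observation("collector-nyc", "203.0.113.0/24", (64510, 64496, 64500)),
    Observation("collector-fra", "203.0.113.0/24", (64511, 64497, 64500)),
    Observation("collector-lon", "203.0.113.0/24", (64511, 64497, 65001, 64500)),
    Observation("collector-nyc", "203.0.113.128/25", (64510, 65001, 64500)),
]

def baseline_for(prefix):
    """Return (covering prefix, baseline) if prefix lies inside our space."""
    net = ipaddress.ip_network(prefix)
    for known, base in EXPECTED.items():
        if net.subnet_of(ipaddress.ip_network(known)):
            return known, base
    return None, None

def check(obs):
    """Return findings for one observation; an empty list means it looks normal."""
    covering, base = baseline_for(obs.prefix)
    if base is None:
        return []                       # not our address space
    findings = []
    if obs.prefix != covering:
        findings.append(f"more-specific {obs.prefix} inside {covering}")
    origin = obs.as_path[-1]
    if origin != base["origin"]:
        findings.append(f"origin AS{origin}, expected AS{base['origin']}")
    # The AS adjacent to the origin carries every packet bound for it. If it
    # is not one of our transits, traffic has been funneled through a third
    # party even though it still arrives and nothing visibly breaks.
    if len(obs.as_path) > 1 and obs.as_path[-2] not in base["transit"]:
        findings.append(f"unexpected AS{obs.as_path[-2]} next to origin")
    return findings

def audit(observations):
    """Map each suspicious (vantage, prefix) pair to its findings."""
    return {(o.vantage, o.prefix): check(o) for o in observations if check(o)}
```

In practice the baseline would come from the operator's own routing policy and the observations from public route collectors, and the check would run continuously rather than over a fixed list.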