Saturday, 7 December 2013

Privacy? That ship has sailed. Ginormous internet theft.

Belarus servers played man-in-tbe-middle and re-routed millions of communications from businesses and governments through its copier.  This is the same trick NSA uses
but now it's done by a private criminal enterprise.  h/t smalldeadanimals

The idea is simple.  BGP routers decide what path messages will follow and depend on trust, telling each other what IP destinations they can easily deliver to.  The winner is the one with the smallest block of IP addresses that includes the destination address.   Sometimes people lie.

“What makes a man-in-the-middle routing attack different from a simple route hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient,…” Renesys wrote in a blog post about the hijacks. “It’s possible to drag specific internet traffic halfway around the world, inspect it, modify it if desired, and send it on its way. Who needs fiberoptic taps?”
Lots of detail at the source.  The good news is that Renesys sends tagged data out into the internet all day long and retrieves it so see if it followed a logical path or was detoured.  On the other hand, if the thieves only tell a few targeted servers to re-route data, Renesys may not hear about it.

Chuang Tzu predicted this thousands of years ago:

In taking precautions against thieves who cut open satchels, search bags, and break open boxes, people are sure to cord and fasten them well, and to employ strong bonds and clasps; and in this they are ordinarily said to show their wisdom. When a great thief comes, however, he shoulders the box, lifts up the satchel, carries off the bag, and runs away with them, afraid only that the cords, bonds, and clasps may not be secure; and in this case what was called the wisdom (of the owners) proves to be nothing but a collecting of the things for the great thief.
This applies to passwords and credit card information too. You are obliged to use increasingly complex alphanumeric passwords for everything while your overlords are robbed blind by hackers who steal those secrets by the million.

Privacy? That ship has sailed.  The choice is between a dynamic identity in an open network or a private identity in the backwoods.  Both are attractive but the open one needs power to counter-attack thieves.

No comments:

Post a Comment