Twitter-Based System to Provide Alerts on BGP Hijacks, Outages

Cloud-delivered security provider OpenDNS is preparing to launch a new alert system designed to warn users when Border Gateway Protocol (BGP) incidents are discovered on the Internet.

The new tool, named “BGP Stream,” is powered by data collected by BGPmon, a network and routing monitoring services company acquired by OpenDNS in March.

BGP is an external routing protocol that plays an important role in the proper functioning of the Internet. The protocol is designed to connect networks on the Internet by making them aware of each other’s existence and establishing routing between them.

Currently there are roughly half a million routes between 50,000 unique autonomous systems on the Internet. While routing changes are highly common, some of them can hide potentially malicious activity.

In August 2014, Dell reported that cybercriminals had managed to steal cryptocurrency from mining pools via BGP hijacking. The attackers used bogus BGP announcements to direct traffic from the miners to mining pools they controlled.

BGP has also been involved in Internet blackouts, including the 2012 and 2013 outages suffered by Syria. A more recent case involving BGP came to light last week when files leaked from Italian spyware maker Hacking Team revealed that the company leveraged BGP hijacking to help the Italian National Military Police regain access to clients running remote access tools.

A network of BGP probes, classifiers, and alerts operated by BGPmon enables the company to identify malicious hijacks and outages involving the routing protocol. Through BGP Stream, security researchers, IT professionals, and the general public will be alerted to these incidents. By subscribing to the stream, users will be constantly informed about potentially damaging network changes that affect traffic flows.
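The article does not describe how these classifiers work. As an added illustration (not BGPmon's or OpenDNS's code), the example below shows two checks commonly used for this purpose: comparing an announcement's origin AS and prefix length against a known-good baseline, and treating a prefix as down once every probe peer has withdrawn it. The update format, peer names, prefixes and AS numbers are constructed assumptions taken from documentation ranges.

```python
import ipaddress

# Constructed baseline: monitored prefix -> legitimate origin AS
# (RFC 5737 documentation prefixes, RFC 5398 documentation ASNs).
BASELINE = {
    ipaddress.ip_network("192.0.2.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}

def classify(update, baseline=BASELINE):
    """Label one announcement seen by a probe (hypothetical dict format)."""
    net = ipaddress.ip_network(update["prefix"])
    # Monitored prefix that equals or covers the announced one, if any.
    covering = next((b for b in baseline
                     if b.version == net.version and net.subnet_of(b)), None)
    if covering is None:
        return "unmonitored"
    origin = update["as_path"][-1]   # last AS in the path originated the route
    more_specific = net != covering  # a longer prefix wins longest-match routing
    if origin != baseline[covering]:
        return "suspect-more-specific" if more_specific else "suspect-origin-change"
    return "more-specific-by-owner" if more_specific else "ok"

def outages(updates, peers, baseline=BASELINE):
    """Report a prefix as down once every probe peer has withdrawn it."""
    have_route = {b: set(peers) for b in baseline}
    for u in updates:
        net = ipaddress.ip_network(u["prefix"])
        if net not in have_route:
            continue
        if u["type"] == "withdraw":
            have_route[net].discard(u["peer"])
        else:
            have_route[net].add(u["peer"])
    return sorted(str(n) for n, seen in have_route.items() if not seen)

# Constructed feed from two probe peers, "p1" and "p2".
UPDATES = [
    {"type": "announce", "peer": "p1", "prefix": "192.0.2.0/24", "as_path": [64510, 64500]},
    {"type": "announce", "peer": "p1", "prefix": "192.0.2.0/24", "as_path": [64510, 64505]},
    {"type": "announce", "peer": "p2", "prefix": "198.51.100.128/25", "as_path": [64511, 64505]},
    {"type": "withdraw", "peer": "p1", "prefix": "198.51.100.0/24"},
    {"type": "withdraw", "peer": "p2", "prefix": "198.51.100.0/24"},
]

if __name__ == "__main__":
    for u in UPDATES:
        if u["type"] == "announce":
            print(u["prefix"], u["as_path"], classify(u))
    print("down:", outages(UPDATES, ["p1", "p2"]))
```

An origin mismatch is only a signal: legitimate re-homing or multi-origin setups produce the same pattern, which is why the labels say "suspect" and a baseline must be kept current.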

BGP Stream will be easy to use because it uses Twitter to send out alerts on BGP incidents. The information will be available to companies and researchers through a client or the web browser, by accessing the BGP Stream Twitter account just like they would any other account. The stream will also be accessible via the Twitter API, which allows developers to follow accounts and programmatically pull updates from them.

“Essentially, we’re sharing this threat information in the public domain. We’re still at the early stages of threat information sharing in the information security industry, but hopefully efforts like this will inspire more vendors and researchers to undertake these kinds of projects,” Dan Hubbard, CTO of OpenDNS, told SecurityWeek.

In addition to BGP alerts, BGP Stream will leverage OpenDNS’s deep visibility into DNS traffic to inform users about distributed denial-of-service (DDoS) attacks.

The tool will become available at the beginning of August, after Hubbard and BGPmon founder Andree Toonk detail BGP Stream in a talk at the Black Hat security conference in Las Vegas.

“Due to the nature of the BGP protocol, a BGP route outage or hijack can affect the entire user base of a network. There are some instances where entire countries have ‘fallen off the Internet’ or organizations have had all of their external network traffic rerouted, for potentially nefarious purposes,” Hubbard said. “BGP Stream will be what we believe is the first public alert system for these widespread outages. We’re hoping that both regular users and security researchers will be able to use it to keep abreast of the latest outages and hijacks.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
