Twitter-Based System to Provide Alerts on BGP Hijacks, Outages

Cloud-delivered security provider OpenDNS is preparing to launch a new alert system designed to warn users when Border Gateway Protocol (BGP) incidents are discovered on the Internet.

The new tool, named “BGP Stream,” is powered by data collected by BGPmon, a network and routing monitoring services company acquired by OpenDNS in March.

BGP is the exterior routing protocol that holds the Internet together: each network (autonomous system) uses it to announce the address prefixes it can reach to its neighbors, and those announcements propagate from network to network until every participant has a path to every announced prefix.

Currently the global routing table holds roughly half a million prefixes announced by about 50,000 unique autonomous systems. Routing changes are constant and overwhelmingly benign, but a small fraction of them, such as a prefix suddenly originating from an unexpected network, can be the visible trace of malicious activity.

In August 2014, Dell SecureWorks reported that cybercriminals had stolen cryptocurrency from mining pools via BGP hijacking. The attackers used bogus BGP announcements to redirect miners' traffic to mining pools they controlled.

BGP has also been involved in Internet blackouts, including the 2012 and 2013 outages suffered by Syria. A more recent case came to light last week, when files leaked from Italian spyware maker Hacking Team revealed that the company leveraged BGP hijacking to help the Italian Carabinieri, the country's national military police, regain access to machines running the company's remote access tools.

A network of BGP probes, classifiers, and alerts operated by BGPmon enables the company to identify malicious hijacks and outages involving the routing protocol. Through BGP Stream, security researchers, IT professionals, and the general public will be alerted to these incidents. By subscribing to the stream, users will be kept informed of potentially damaging network changes that affect traffic flows.
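To make the classification step concrete, here is an added example (written for this page, not BGPmon's or OpenDNS's code) that walks an ordered list of route updates as seen from several vantage points and raises the three kinds of alert the article describes: an origin hijack (a known prefix announced with an unexpected origin AS), a more-specific hijack (a sub-prefix of a known prefix announced from elsewhere), and an outage (every peer that carried a prefix withdraws it). The prefix-to-origin table, peer names, AS numbers and update records are all constructed for the demo, and the two-peer threshold is an assumed noise filter, not a BGPmon parameter.

```python
"""Toy BGP hijack/outage classifier (illustrative code, not BGPmon's)."""
from collections import defaultdict
from ipaddress import ip_network

# Constructed "expected origin" table: prefix -> origin AS.  A real monitor
# would derive this from routing history, IRR data or RPKI, not hard-code it.
# The prefixes are documentation ranges and the ASNs are private-use numbers.
EXPECTED_ORIGIN = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/22": 64501,
}


def covering_prefix(prefix, expected):
    """Return (known_prefix, origin_as) for the most specific entry of
    `expected` that equals or covers `prefix`, or None if nothing covers it."""
    net = ip_network(prefix)
    best = None
    for known, origin in expected.items():
        knet = ip_network(known)
        if knet.version == net.version and net.subnet_of(knet):
            if best is None or knet.prefixlen > ip_network(best[0]).prefixlen:
                best = (known, origin)
    return best


def classify(updates, expected=EXPECTED_ORIGIN, min_peers=2):
    """Consume updates in order and return a list of alert dicts.

    Each update is {"type": "A"|"W", "peer": str, "prefix": str, "origin_as": int}
    (origin_as is absent on withdrawals).  A hijack is only reported once at
    least `min_peers` vantage points see the bogus origin, which filters out a
    single misbehaving peer; an outage is reported when the last peer that
    carried a prefix withdraws it.
    """
    alerts = []
    routes = defaultdict(dict)  # prefix -> {peer: origin_as currently announced}
    reported = set()            # (kind, prefix, origin_as) already alerted on

    for u in updates:
        prefix, peer = u["prefix"], u["peer"]

        if u["type"] == "W":
            # Only an outage if this peer carried the route and none remain.
            if routes[prefix].pop(peer, None) is not None and not routes[prefix]:
                alerts.append({"kind": "outage", "prefix": prefix})
            continue

        origin = u["origin_as"]
        routes[prefix][peer] = origin
        match = covering_prefix(prefix, expected)
        if match is None:
            continue  # not a prefix we are watching
        known, expected_as = match
        if origin == expected_as:
            continue  # legitimate announcement

        kind = "origin-hijack" if prefix == known else "more-specific-hijack"
        witnesses = sum(1 for o in routes[prefix].values() if o == origin)
        key = (kind, prefix, origin)
        if witnesses >= min_peers and key not in reported:
            reported.add(key)
            alerts.append({
                "kind": kind,
                "prefix": prefix,
                "expected_as": expected_as,
                "seen_as": origin,
                "peers": witnesses,
            })
    return alerts


# Constructed feed: three peers see the real origin, one peer sees noise,
# then a two-peer origin hijack, a two-peer more-specific hijack, and an outage.
SAMPLE_UPDATES = [
    {"type": "A", "peer": "p1", "prefix": "203.0.113.0/24", "origin_as": 64500},
    {"type": "A", "peer": "p2", "prefix": "203.0.113.0/24", "origin_as": 64500},
    {"type": "A", "peer": "p3", "prefix": "203.0.113.0/24", "origin_as": 64500},
    {"type": "A", "peer": "p4", "prefix": "198.51.100.0/22", "origin_as": 64666},
    {"type": "A", "peer": "p1", "prefix": "203.0.113.0/24", "origin_as": 64666},
    {"type": "A", "peer": "p2", "prefix": "203.0.113.0/24", "origin_as": 64666},
    {"type": "A", "peer": "p1", "prefix": "198.51.100.0/24", "origin_as": 64666},
    {"type": "A", "peer": "p3", "prefix": "198.51.100.0/24", "origin_as": 64666},
    {"type": "W", "peer": "p1", "prefix": "203.0.113.0/24"},
    {"type": "W", "peer": "p2", "prefix": "203.0.113.0/24"},
    {"type": "W", "peer": "p3", "prefix": "203.0.113.0/24"},
]

if __name__ == "__main__":
    for alert in classify(SAMPLE_UPDATES):
        print(alert)
```

Running the script prints three alerts, in order: an origin hijack of 203.0.113.0/24 by AS64666, a more-specific hijack of 198.51.100.0/24 inside the watched /22, and an outage of 203.0.113.0/24. The single-peer sighting of AS64666 for 198.51.100.0/22 is deliberately not reported, which is the caveat a practitioner should carry over to real data: one vantage point is rarely enough to distinguish a hijack from a local leak or a stale feed, and a withdrawal seen by all of your probes may still be an outage of your probes rather than of the prefix.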

BGP Stream is meant to be easy to consume because it publishes its alerts as tweets. Companies and researchers will be able to read them in a Twitter client or a web browser by following the BGP Stream account like any other account, and developers will be able to pull the updates programmatically through the Twitter API.

“Essentially, we’re sharing this threat information in the public domain. We’re still at the early stages of threat information sharing in the information security industry, but hopefully efforts like this will inspire more vendors and researchers to undertake these kinds of projects,” Dan Hubbard, CTO of OpenDNS, told SecurityWeek.

In addition to BGP alerts, BGP Stream will leverage OpenDNS’s deep visibility into DNS traffic to inform users about distributed denial-of-service (DDoS) attacks.

The tool will become available at the beginning of August, after Hubbard and BGPmon founder Andree Toonk detail BGP Stream in a talk at the Black Hat security conference in Las Vegas.

“Due to the nature of the BGP protocol, a BGP route outage or hijack can affect the entire user base of a network. There are some instances where entire countries have ‘fallen off the Internet’ or organizations have had all of their external network traffic rerouted, for potentially nefarious purposes,” Hubbard said. “BGP Stream will be what we believe is the first public alert system for these widespread outages. We’re hoping that both regular users and security researchers will be able to use it to keep abreast of the latest outages and hijacks.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.