
List:       isn
Subject:    [ISN] Hacking Team orchestrated brazen BGP hack to hijack IPs it di
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-07-13 9:34:31
Message-ID: alpine.DEB.2.02.1507130934200.19456 () infosecnews ! org

http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/


By Dan Goodin
Ars Technica
July 12, 2015

Spyware service provider Hacking Team orchestrated the hijacking of IP 
addresses it didn't own to help Italian police regain control over several 
computers that were being monitored in an investigation, e-mails sent among 
company employees showed.

Over a six-day period in August 2013, Italian Web host Aruba S.p.A. 
fraudulently announced its ownership of 256 IP addresses into the global 
routing system known as border gateway protocol, the messages document. 
Aruba's move came under the direction of Hacking Team and the Special 
Operations Group of the Italian National Military Police, which was using 
Hacking Team's Remote Control System malware to monitor the computers of 
unidentified targets. The hijacking came after the IP addresses became 
unreachable under their rightful owner Santrex, the "bullet-proof" Web 
hosting provider that catered to criminals and went out of business in 
October 2013, according to KrebsOnSecurity.

It's not clear from the e-mails, but they appear to suggest Hacking Team 
and the Italian police were also relying on Santrex. The emails were 
included in some 400 gigabytes of proprietary data taken during last 
weekend's breach of Hacking Team and then made public on the Internet.

With the sudden loss of the block of IP addresses, Italy's Special 
Operations Group was unable to communicate with several computers that 
were infected with the Hacking Team malware. The e-mails show Hacking Team 
support workers discussing how the law enforcement agency could regain 
control. Eventually, Italian police worked with Aruba to get the 
block—which was known as 46.166.163.0/24 in Internet routing 
parlance—announced in the BGP system as belonging to Aruba. It's the first 
known case of an ISP fraudulently announcing another provider's address 
space, said Doug Madory, director of Internet analysis at Dyn Research, 
which performs research on Internet performance.

[...]


