• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

  • Products
    • 8-bit
    • 16-bit
    • 32-bit
    • 64-bit
  • Applications
    • 5G
    • Automotive
    • Connectivity
    • Consumer Electronics
    • EV Engineering
    • Industrial
    • IoT
    • Medical
    • Security
    • Telecommunications
    • Wearables
    • Wireless
  • Learn
    • eBooks / Tech Tips
    • EE Training Days
    • FAQs
    • Learning Center
    • Tech Toolboxes
    • Webinars/Digital Events
  • Resources
    • Design Guide Library
    • DesignFast
    • LEAP Awards
    • Podcasts
    • White Papers
  • Videos
    • EE Videos & Interviews
    • Teardown Videos
  • EE Forums
    • EDABoard.com
    • Electro-Tech-Online.com
  • Engineering Training Days
  • Advertise
  • Subscribe

BGP hijacking: How the Internet is getting hacked and what you can do about it

January 9, 2019 By Aimee Kalnoskas Leave a Comment

By Rudy Ramos, Mouser Electronics

Most of us are familiar with the tricks used by malicious hackers to steal passwords or intercept private data. When we click a link, or start a chat, or send an email, it’s second nature to quickly check URLs and addresses to make sure that our data is going where we intended. However, sometimes, such caution is not enough, because even the standard routing protocols that link the internet and carry data around the world can be vulnerable to disruption. It is as if you board a flight to Honolulu and everything seems in order, but your plane lands in Pyongyang. One of the most alarming and pernicious Internet routing attacks is BGP (Border Gateway Protocol) hijacking.

BGP hijacking in simple terms means announcing to the entire internet: “Internet traffic sent to this numerical IP address range should be routed through my servers way over there because that is the best route.” The surprising result is that gigabytes of data actually will get routed via those servers on the way to its eventual destination, even though the new route is not the fastest—and perhaps does not even make sense because internet traffic between a company in New York and its bank in Boston, for example, is now traveling via Moscow.

bgp hacking
BGP hijacking. Image: Bishop Fox

Routing attacks allow sensitive information (such as passwords, corporate secrets, banking information, or IoT data) to be copied, or altered, en route, unbeknownst to the sender or receiver or the data could be discarded—a denial of service attack. BGP’s surprising weakness is a legacy of the Internet’s origins as a network for universities and research institutes, which could all trust each other. What is more surprising is that security professionals have been stridently warning about this vulnerability for decades, yet it persists and increasingly being exploited. Internet governance bodies are working on solutions, but these are still apparently some years from being globally accepted.

Who can perform a BGP attack? Worldwide, there are more than 80,000 organizations, such as Internet Service Providers (ISPs), with authority to announce internet routes via BGP, and that number is increasing. A malicious actor could hack into one of those organizations, or even set up their own. Moreover, because BGP includes no formal identity verification, it’s also possible, in theory, to merely pretend to be one of these authorized organizations—a spoofing attack.

BGP incidents can impact billions and cost millions

Some well-known cases of BGP hijacking were simple configuration errors, though they still temporarily blocked internet connectivity for vast numbers of popular sites, from Amazon to Google to Facebook. For example, in 2008, officials in Pakistan were ordered to block local people from visiting YouTube, by re-routing Pakistani traffic destined for YouTube’s IP address ranges to a local address, where it was discarded. But due to a typing error, they failed to limit the routing change to their own country. Within minutes, they had blocked YouTube access for almost everyone in the world. In an even bigger blunder, in 2005, a Turkish ISP accidentally re-routed all Internet traffic in the world to themselves.

Both of these accidents caused business disruption and cost money. However, there have been cases in where BGP hijacking has been far harder to detect and where the intent was more suspect. What makes these cases both subtle and suspicious is that the re-routed data was not just dumped into a black hole, but was re-directed, potentially copied, and then immediately sent on to its intended recipient, leaving them none the wiser.

Recently, numerous incidents have seen data to financial, law enforcement and governmental websites unexpectedly taking detours through foreign countries far from their intended destination. In some cases, money has been stolen. Accusing fingers have been pointed at China, Russia, the US, and other nations. Sidestepping the question of blame, however, we can at least take some simple steps to mitigate the risks.

Simple steps to guarding against routing attacks

The most important defense against BGP hijacking, and also one of the easiest to implement, is to always use HTTPS (and other encryption protocols like SSL/TLS and SSH) for everything. Strict use of encryption does not prevent re-routing, but it does make our data far harder to read or alter en route.

Network administrators should enforce HTTPS Strict Transport Security (HSTS), to prevent connections falling back from HTTPS to insecure HTTP. Within organizations, we must ensure that users cannot defeat HTTPS by clicking through browser security alerts or accepting faked security certificates and unknown certificate authorities.

However, enforcement of HSTS requires user education, as well as the configuration of servers and clients. Note that older embedded hardware may struggle with encryption processing loads. For lower power consumption, particular in IoT devices, it would be ideal for silicon to handle these functions instead of by software.

Also, organizations can monitor the routes their internet data is taking and look out for suspicious routing changes. Remember to check routes in both directions, from client to server and vice-versa, because one direction could be normal while the other has been tampered with. There are several companies which provide such monitoring services.

To summarize the key lessons: Internet routing attacks are extremely dangerous, and currently, we cannot always prevent them, but with good systems design, end-to-end encryption, and user education, we can ensure that our data is encrypted and therefore of much less value to attackers.

Filed Under: Applications, Featured, Security, Tools Tagged With: mouserelectronics

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Featured Contributions

Five challenges for developing next-generation ADAS and autonomous vehicles

Securing IoT devices against quantum computing risks

RISC-V implementation strategies for certification of safety-critical systems

What’s new with Matter: how Matter 1.4 is reshaping interoperability and energy management

Edge AI: Revolutionizing real-time data processing and automation

More Featured Contributions

EE TECH TOOLBOX

“ee
Tech Toolbox: 5G Technology
This Tech Toolbox covers the basics of 5G technology plus a story about how engineers designed and built a prototype DSL router mostly from old cellphone parts. Download this first 5G/wired/wireless communications Tech Toolbox to learn more!

EE Learning Center

EE Learning Center

EE ENGINEERING TRAINING DAYS

engineering
“bills
“microcontroller
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, tools and strategies for EE professionals.

DesignFast

Design Fast Logo
Component Selection Made Simple.

Try it Today
design fast globle

Footer

Microcontroller Tips

EE World Online Network

  • 5G Technology World
  • EE World Online
  • Engineers Garage
  • Analog IC Tips
  • Battery Power Tips
  • Connector Tips
  • DesignFast
  • EDA Board Forums
  • Electro Tech Online Forums
  • EV Engineering
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips

Microcontroller Tips

  • Subscribe to our newsletter
  • Advertise with us
  • Contact us
  • About us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy