LLMpedia: The first transparent, open encyclopedia generated by LLMs

BGP hijacking

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
BGP hijacking
Name: BGP hijacking
Type: network routing incident
Targeted: Internet routing infrastructure
Mitigation: Route filtering, RPKI, monitoring

BGP hijacking describes incidents in which Border Gateway Protocol route announcements are altered or misrepresented, causing traffic to be misrouted, intercepted, or dropped; it affects Internet backbone connectivity between autonomous systems such as those operated by AT&T, Verizon Communications, Deutsche Telekom, NTT Communications and Level 3 Communications. Originators and victims include Internet service providers like Akamai Technologies, Cloudflare, AOL and Cogent Communications, and content networks such as Google, Facebook, Amazon Web Services and Microsoft Azure; incidents provoke responses from organizations including the Internet Engineering Task Force, Regional Internet Registries, RIPE NCC and ARIN. Responses to incidents also engage regulators and policy bodies such as the Federal Communications Commission, European Commission and UK Ofcom, and forums like MANRS and the Internet Society.

Overview

Routing on the global Internet depends on the Border Gateway Protocol used by autonomous systems operated by entities like Comcast, T-Mobile, China Telecom, Telefonica and BT Group; when route origins are falsified or withdrawn, traffic destined for networks such as YouTube, Wikipedia, Netflix, Twitter and LinkedIn can be diverted. Historical operators and investigators such as Renesys, BGPMon, Hurricane Electric, Team Cymru and CAIDA have cataloged incidents affecting exchanges like LINX, AMS-IX, DE-CIX, Equinix and infrastructures owned by Verizon Business. Critical infrastructure and enterprises including NASDAQ, SWIFT, IANA, ICANN and cloud platforms experience systemic risk when routes are manipulated, prompting technical standards from IETF working groups and policy dialogues at ICANN meetings.

Mechanisms and techniques

Hijacks commonly exploit misconfigurations or malicious announcements by network operators, transit providers, or hosting firms such as SoftLayer and Rackspace; tactics mirror methods observed in attacks against telecommunication incumbents like CenturyLink and Sprint Corporation. Techniques include prefix origin hijacking, subprefix injection, AS-path poisoning, and bogus route leakages implicated in events traced to operators like PCCW Global and transit-rich networks such as NTT. Attack vectors have been associated with compromised routers from vendors such as Cisco Systems, Juniper Networks, Huawei Technologies and Arista Networks when credentials or control-plane access are abused; advanced operations resemble nation-state campaigns linked in reporting to actors associated with states including Russia, China, Iran and North Korea in analyses by firms like Recorded Future and FireEye.

Detection and monitoring

Monitoring relies on telemetry and data collection from route collectors operated by RouteViews, RIPE NCC RIS, CAIDA Ark, Hurricane Electric and Internet exchange route servers; anomaly detection is performed by services including BGPMon, BGPStream, ThousandEyes, Catchpoint and Cisco Talos. Correlation with active measurements from platforms such as RIPE Atlas, NLNOG RING, SamKnows, OpenINTEL and probes in CDN infrastructures like Akamai and Fastly helps distinguish accidental misconfiguration from malicious intent; researchers from institutions such as MIT, Stanford University, ETH Zurich, University College London and Georgia Tech publish analyses. Community efforts and projects by MANRS, IETF SIDR Working Group, IETF MANRS and regional registries like APNIC and LACNIC provide datasets and best practices for real-time detection.
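The origin-change and more-specific checks that route-collector monitoring performs, as an added example that is not part of the original article: the baseline of expected origins and the UPDATE records are constructed sample data (documentation prefixes and private ASNs), and the labels returned are this example's own naming.

```python
"""Flag origin hijacks and subprefix injections in constructed route-collector data."""
import ipaddress

# Expected (prefix -> origin ASNs) as a monitor would learn them from earlier
# observations or an operator's own inventory. Constructed sample data.
BASELINE = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/22": {64501},
}

# Constructed observations: (announced prefix, AS path as seen at a collector).
# The origin is the rightmost AS; a trailing AS_SET would make it ambiguous and
# is ignored here for simplicity.
UPDATES = [
    ("203.0.113.0/24", [64510, 64520, 64500]),   # expected origin
    ("203.0.113.0/24", [64510, 64530, 64666]),   # same prefix, foreign origin
    ("198.51.100.128/25", [64510, 64666]),       # more specific from a foreign origin
    ("198.51.100.0/22", [64510, 64501]),         # expected origin
    ("192.0.2.0/24", [64510, 64540]),            # prefix the monitor does not track
]


def classify(prefix, as_path, baseline=BASELINE):
    """Label one observed route against the baseline."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    if prefix in baseline:                       # exact prefix we already know
        return "ok" if origin in baseline[prefix] else "origin-hijack"
    for known, origins in baseline.items():      # more specific of a known prefix?
        knet = ipaddress.ip_network(known)
        if net.version == knet.version and net.subnet_of(knet):
            # A more specific from the legitimate origin is common traffic
            # engineering; from anyone else it attracts the covered traffic.
            return "ok" if origin in origins else "subprefix-hijack"
    return "unmonitored"


def detect(updates, baseline=BASELINE):
    """Return (prefix, origin, label) for every observation."""
    return [(p, path[-1], classify(p, path, baseline)) for p, path in updates]


if __name__ == "__main__":
    for prefix, origin, label in detect(UPDATES):
        print(f"{prefix:<20} AS{origin:<6} {label}")
```

Real deployments would feed this from a collector stream and would also correlate with active measurements, since a legitimate change of origin (for example after a prefix transfer) looks identical on the control plane alone.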

Impacts and notable incidents

Major incidents have disrupted services for platforms like YouTube and Google in documented cases affecting traffic to providers such as Level 3 and TeliaSonera; episodes include route leaks and hijacks observed in association with operators like Pakistan Telecom, MainOne and Rostelecom. Financial market exposure has been highlighted by outages impacting exchanges and payment systems, similar to incidents analyzed in the context of NYSE and SWIFT risk studies. Notable documented events involved academic and industry analyses of incidents attributed to mistakes by carriers such as AS12389 and national routing anomalies affecting regions served by Bharti Airtel, MCI and Telefonica; media coverage and technical postmortems have appeared in outlets such as The New York Times, Wired and Bloomberg, and in incident reports by Cloudflare and Google.

Mitigation and prevention

Technical mitigations include deployment of RPKI Route Origin Validation promoted by IETF, cryptographic attestation in standards work at IETF SIDR, route filtering practices advocated by MANRS, prefix filtering by regional registries like RIPE NCC and ARIN, and transit-provider best practices from operators such as Cogent Communications and Hurricane Electric. Operational steps include peer filtering at Internet exchanges like AMS-IX and LINX, adoption of BGPsec specifications from IETF, and use of secure router management technologies from vendors like Cisco and Juniper Networks; incident response exercises and playbooks have been developed by groups such as FIRST and national CERTs like US-CERT and CERT-EU.
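How RPKI Route Origin Validation decides the fate of the origin and subprefix hijacks named under Mechanisms and techniques, as an added example that is not part of the original article: the ROA set is constructed sample data, and the validation states follow the RFC 6811 semantics (Valid, Invalid, NotFound) with a typical drop-Invalid policy.

```python
"""RPKI Route Origin Validation over a constructed ROA set (RFC 6811 semantics)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # address block the holder has attested
    max_length: int   # longest prefix length the ASN may announce within it
    asn: int          # AS 0 means no AS may originate this space


# Constructed ROAs (documentation prefixes, private ASNs), not real RPKI data.
ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/22", 23, 64501),   # /22 and /23s allowed, /24 or longer not
    ROA("192.0.2.0/24", 24, 0),          # AS0 ROA: nobody should announce this
]


def _covers(roa, net):
    """A ROA covers a route when the ROA prefix contains the announced prefix."""
    roa_net = ipaddress.ip_network(roa.prefix)
    return roa_net.version == net.version and net.subnet_of(roa_net)


def validate(prefix, origin_as, roas=ROAS):
    """Return 'Valid', 'Invalid' or 'NotFound' for (prefix, origin AS)."""
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas if _covers(r, net)]
    if not covering:
        return "NotFound"                    # no ROA says anything about this space
    for r in covering:
        # Any single covering ROA with matching ASN and acceptable length validates.
        if r.asn == origin_as and net.prefixlen <= r.max_length:
            return "Valid"
    return "Invalid"                         # covered, but by no matching ROA


def policy(prefix, origin_as, roas=ROAS):
    """Common deployment: reject Invalid, accept Valid and NotFound (unsigned)."""
    state = validate(prefix, origin_as, roas)
    return state, state != "Invalid"
```

ROV checks only the origin AS, so an announcement that forges the legitimate origin at the end of its AS path still validates; that gap is what the BGPsec path-signing work mentioned above targets.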

Policy responses involve coordination among ICANN, IETF, IANA, Regional Internet Registries and national regulators including FCC and Ofcom to balance technical standards and legal accountability; debates engage stakeholders such as Verizon, AT&T, Amazon, Google and civil society organizations including the Electronic Frontier Foundation and the Internet Society. Legal frameworks consider cross-border enforcement challenges seen in disputes involving carriers in jurisdictions like United States, European Union, China and Brazil; governance mechanisms span multistakeholder forums such as IGF, standards bodies like IETF, and industry initiatives like MANRS to improve resilience against routing abuse.

Category:Internet security