Someone’s reportedly hijacking vast amounts of government and financial data through a US internet security hole

By on December 6, 2013, 5:15 PM
financial, wired internet, ip, hijacking, voip provider, foreign ministry, credit card numbers

I guess at some point most of us just assume that people are siphoning off huge amounts of important data through the internet for nefarious purposes, and based on a report from Wired it appears as though something just like that has recently been uncovered.

Supposedly in operation for quite some time unnoticed, someone is copying and redirecting massive amounts of important internet data traffic headed for American government agencies, corporations and others. As you can see in the image above the culprits are pulling data stateside and then siphoning it off and bouncing it around the globe, again very much like most of us would imagine it happens.

Wired says that, "The stakes are potentially enormous, since once data is hijacked, the perpetrator can copy and then comb through any unencrypted data freely — reading email and spreadsheets, extracting credit card numbers, and capturing vast amounts of sensitive information." The publication went on to say that researchers suggest that those responsible for the cyber attacks initiated these kinds of bulk data grabs about 38 times from across 1500 different IP blocks. Sometimes the attackers would leech on for minutes and sometimes for as long as days. Another key point researchers are driving home is that these attacks could not have been a mistake of any kind.

It is unclear at this point why the attacks took place and what can be done about preventing them in the future. It looks as though most of the stolen data was headed for large financial institutes, which would initially make sense, but then data showed up that appeared to be heading to the foreign ministry and a "large VoIP provider in the U.S."

At this point, the large convoluted network the data is passing through, combined with what sounds like a very possible course of events, has made it quite difficult to figure out who is behind the attacks. Wired explains:

Tony Kapela [one of the researchers who discovered the breach] says the culprit... could actually be an outsider who simply seizes control of one of the systems and sends out the bogus announcement without the owner of the system knowing it. He imagines a scenario where an attacker gains physical access to a router belonging to one of the companies and installs a monitoring device to record data, then gains control of the router console to send out a bogus BGP announcement to redirect traffic through the router. If anyone discovers the redirect, the culprit would appear to be the company that owned the route

User Comments: 8

Got something to say? Post a comment
1 person liked this | ---agissi--- ---agissi---, TechSpot Paladin, said:

Sounds like a perfect story for the NSA to scoff up. Great timing too.

Guest said:

I again have to congratulate Edward Snowden for being such a traitor and helping in the death of America (sarcasm). Maybe he could have put some effort into PROTECTING his country instead.

World: "Why didn't you use your powers for good, instead of serving evil?"

Ed: "Coz I wouldn't have got my photo published"

World: "But Edward, you have eroded the security and privacy of your government operations, your former employer and ultimate defender of your homeland!"

Ed: "Like I care, I'm a Russian now. I wanted to be Chinese but they were smart enough to boot me onto Moscow."

World: "Edward, we would like you to come home for a nice warm bath. We'll even meet you at the airport"

Ed: "Nyet!"

3 people like this | Darth Shiv Darth Shiv said:

Nice troll guest. Remember the US Govt is just as untrustworthy as any other state. Worse still they put the vulnerabilities there in the first place.

Guest said:

Sorry Edward, I didn't realise you were online.

Maybe you could contribute positively by helping to strengthen your countries cyber security instead of spamming anarchist nonsense.

wastedkill said:

If its 1 thing I have learned over the past couple of days is anything computer hacker/espionage/spying related is 100% legal and fully accepted by the US so if you live in the US and you hack or do anything like what this article says you are well within your legal right to do so.

Personally if the government does this kind of stuff then you are allowed to do it otherwise why would it be illegal if the non-governmental people are treated differently kinda takes you back to the old days of white people are rich black are poor which means they are slaves...

If the US government wants to make people who do this or hack etc. criminals they seriously need to start acting like its illegal before they start criminalizing people for the stuff they do Otherwise why would it be illegal if your doing the exact same thing. Treat others how you would like to be treated!

Darth Shiv Darth Shiv said:

Sorry Edward, I didn't realise you were online.

Maybe you could contribute positively by helping to strengthen your countries cyber security instead of spamming anarchist nonsense.

Yeah actually I've been advocating 6-7 year old modern security protocols for... 6-7 years. Why is no-one using them on mainstream websites hey? And better yet, if you didn't notice, Snowden didn't put the vulnerabilities in either.

Blame your NSA. They should be helping cyber security.

And again nice troll.

Guest said:

Tbh I'm not really sure who to believe anymore.....

Guest said:

@ agissi : That is exactly what came to mind when I read the article title.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.