Hacking Team and a case of BGP hijacking
vendredi 10 juillet 2015 à 15:48GuiGui's Show - Liens 10/07/2015
« After just a few hours the Hacking Team emails archive has already provided many tasty leaks. I want to focus on a routing security issue since this is my main research activity for this year.
Short summary: if these emails are true, and so far nobody has found any credible reason to believe that they are not, then some major italian ISPs hijacked the IP addresses of a foreign ISP on request of the section of the Carabinieri which investigates terrorism and organized crime.
The goal was to recover access to some copies of the Hacking Team malware which were controlled by "anonymizer" VPSes hosted on the hijacked network and that were abruptly disabled by their provider.
Thanks to the great RIPEstat service I have been able to verify that indeed the network 46.166.163.0/24 was announced by AS31034 (aruba.it, a large italian hosting company) in 2013, from august 15 to 22. »
Via https://twitter.com/bortzmeyer/status/619487993045360640
(Permalink)
Short summary: if these emails are true, and so far nobody has found any credible reason to believe that they are not, then some major italian ISPs hijacked the IP addresses of a foreign ISP on request of the section of the Carabinieri which investigates terrorism and organized crime.
The goal was to recover access to some copies of the Hacking Team malware which were controlled by "anonymizer" VPSes hosted on the hijacked network and that were abruptly disabled by their provider.
Thanks to the great RIPEstat service I have been able to verify that indeed the network 46.166.163.0/24 was announced by AS31034 (aruba.it, a large italian hosting company) in 2013, from august 15 to 22. »
Via https://twitter.com/bortzmeyer/status/619487993045360640
(Permalink)