"Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet’s core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.
"It’s a huge issue. It’s at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago…. We described this to intelligence agencies and to the National Security Council, in detail."
The attack exploits BGP to fool routers into re-directing data to an
Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can’t always vacuum in traffic within a network — say, from one AT&T customer to another."
Source: Kim Zetter, wired.com
the whole article at http://www.wired.com/threatlevel/2008/08/revealed-the-in/
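The interception the article describes depends on a router originating a route for address space it is not authorised to announce, usually a more-specific prefix so that longest-match selection prefers it. The following is an added example (not from the article, the researchers, or any named project) of the kind of check an operator can run over route announcements to spot that pattern; the prefixes, ASNs, and announcements are constructed for illustration.

```python
"""Flag BGP announcements that look like a prefix hijack.

Added example; ASNs and prefixes below are constructed, not real.
Input is a table of the prefixes an operator expects to see with their
authorised origin ASNs, plus sample announcements in the shape a route
collector might export them (prefix, AS path).
"""
import ipaddress

# Constructed expected table: prefix -> authorised origin ASNs.
EXPECTED = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/22": {64501},
}

# Constructed sample announcements: (prefix, AS path seen by a collector).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64510, 64500]),          # legitimate origin
    ("203.0.113.0/25", [64510, 64666]),          # more-specific, foreign origin
    ("198.51.100.0/22", [64510, 64502, 64666]),  # exact prefix, wrong origin
    ("192.0.2.0/24", [64510, 64503]),            # not ours; ignored
]


def classify(prefix, as_path, expected=EXPECTED):
    """Return a finding string, or None if the announcement looks normal.

    The origin AS is the last hop in the path. An announcement is flagged
    when it covers monitored space (exact match or a more-specific prefix)
    and its origin is not one of the authorised ASNs for that space.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for known, origins in expected.items():
        known_net = ipaddress.ip_network(known)
        if net.version != known_net.version:
            continue  # subnet_of() rejects mixed IPv4/IPv6 comparisons
        if net == known_net and origin not in origins:
            return f"origin-mismatch {prefix} from AS{origin}"
        if net != known_net and net.subnet_of(known_net) and origin not in origins:
            return f"more-specific {prefix} inside {known} from AS{origin}"
    return None


def scan(announcements=ANNOUNCEMENTS, expected=EXPECTED):
    """Run classify() over every announcement and collect the findings."""
    findings = []
    for prefix, path in announcements:
        finding = classify(prefix, path, expected)
        if finding:
            findings.append(finding)
    return findings
```

A more-specific announced by an authorised origin is not flagged, since operators do that deliberately for traffic engineering; the check only reacts to unauthorised origins.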