Information Security News
Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 "John Doe" defendants. The suit alleges that collective participated in a hacking and surveillance campaign against her.
Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News' then-Chairman and CEO Roger Ailes, Bill O'Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment.
Tantaros claims that as early as February of 2015, a group run out of a "black room" at Fox News engaged in surveillance and electronic harassment of her, including the use of "sock puppet" social media accounts to electronically stalk her. According to the lawsuit:
On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.
Anomalies in the border gateway protocol—which routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.
"I would classify this as quite suspicious," Doug Madory, director of Internet analysis at network management firm Dyn, told Ars. "Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks."
The Internet is a network of networks. Each Autonomous system (AS) connects to the internet using a router that speaks the Border Gateway Protocol (BGP) to disseminate and receive routing information. The problem is that there is no authoritative way to figure out who is supposed to receive which IP address space (no, whois information is not authoritative). If I got a new IP address range assigned, or if I agree to route it as part of an agreement with another network, then I will use BGP to advertise this to the Internet. Sadly, nobody has figured out yet how to validate these advertisements. There are many proposals, but none of which has the necessary traction right now.
As a result, it is somewhat common for BGP abused to advertise IP addresses that an organization doesnt actually own. This can lead to a denial of service, or miscreants can start using it for aman-in-the-middle attack. BGPMon, a company that monitors BGP traffic for anomalies, just yesterday discovered how part of a netblock assigned to VISA was re-routed to Rosetelecom, a large Russian telecom provider. This may not be entirely the fault of Rosetelecom. Any of its customers could have sent the announcement. Of course, Rosetelecom should have noticed this as well.
So in short, what can you do about it?
1 - The internet is an untrusted network. Deal with it. Assume people are rerouting, eavesdropping and manipulating your traffic. Technologies like TLS will help you detect these issues if properly implemented. VPNs can help to secure trusted connections within an organization or between trusted partners. But this is exactly why you have to audit these configurations and make sure they are configured based on current best practices.
2 - Monitor if someone is trying to hijack IP address space you are using. Tools like BPGMon are useful to do so if you dont want to set up your own monitoring infrastructure, which is quite costly.
3 - If you do own IP address space, and if you do manage BGP yourself, then make sure you implement the few security features that are available. BPGMon has a nice blog post about some of the options