Breaking HTTPS with BGP Hijacking

Presented at Black Hat USA 2015, Aug. 5, 2015, 11:30 a.m. (50 minutes)

BGP hijacking is now a reality: it happens often (though mostly in the form of route leaks due to misconfiguration), there's no practical way to prevent it, and we have to deal with it. Internet routing was designed to be a conversation between trusted parties; it no longer is, though it still behaves as if it were.

However, people are used to believing that BGP hijacking is not a huge issue. Yes, a denial of service can happen, and some plaintext data may be disclosed to an attacker, but there's nothing more to it, since all sensitive data transmitted over the Internet should be encrypted already, and a man in the middle of the Internet cannot decrypt it or break into an encrypted connection. So there's pretty much nothing to really worry about.

The problem is: the encryption is backed by SSL/TLS PKI, which itself trusts Internet routing. Now there's a way to exploit this trust, and we are going to show how, and to discuss how to prevent this from happening.


Presenters:

  • Artyom Gavrichenkov - Qrator Labs
    Artyom Gavrichenkov graduated from Moscow State University (CS department) in 2010. He has worked as a developer at the Qrator DDoS mitigation network since 2009.
