> In network security circles, this is what’s known as a Man-In-The-Middle attack. And for years it has been understood to be possible in theory, but never seen in practice.
Uh, no. What happened here was a BGP hijack, which has happened MULTIPLE times over the last few years. IIRC the one with the biggest fallout was some Pakistani ISP which fucked up a YouTube block order - they broadcasted the null-route to the entire Internet and Google couldn't do anything, lol.
And even "normal" MITM attacks have been done for years now. Every ISP doing censorship, BitTorrent throttling and anything that interrupts normal packet flow does active MITM attacking, and the NSA listening posts are passive MITM posts.
With all due respect, one thing that gets really tiresome on this board is the "OMG, this person is soo stupid because they don't know nearly as much as I do about this one particular topic" tone in this comment. If you started your comment with "what happened here was..." you'd come across as knowledgeable and helpful to those of us who aren't knowledgeable in this field, rather than (please forgive my saying it) an asshole. Maybe try thinking "what if someone wrote this to/about me" before hitting Submit. Just trying to be helpful in my own way, pardon me if it's unwanted.
edit: my point had nothing to do with the content of the article. It was more just saying "hey, effective written communication is a tricky thing. Where the author of the article may have failed in some of the important technical details of the article, you have also failed in presenting your corrections in a somewhat offensive manner. Maybe consider the _how_ next time in addition to _what_ you are trying to convey."
But the average person has been given the impression, however inadvertently, that the average "hacker" is engaging in clandestine, nefarious activities on the Internet. When I was in University I lost count of the number of people who freaked out because they saw me using a terminal and vim from my laptop during class.
This article refers to attackers, not hackers. The word "hack" does not occur once in the article. Calling these people attackers is accurate, and doesn't do anything to contribute to the people you describe thinking of you as a criminal, unless you think rerouting traffic in this way is in some way legitimate.
That isn't the complaint about this particular article. The complaint about this article is the botched reporting on what happened, and what MITM attacks are. This criticism was defended by pointing out that misinformation from the media has the potential to have a negative effect. An example given of this was the careless use of the word "hacker" by the media "in general".
jlgreco is correct regarding my meaning and intentions. I have a problem with the lack of accuracy in technical reporting because it's usually sensational (and I'm sure this is true in other disciplines as well).
> Thanks to people like the author, the average person thinks you and I are criminals.
This hardly seems like a reasonable characterization. The author got a technical detail wrong. How does that connect him to people who vilify "hackers"? He didn't even use that term.
Because getting a "technical detail" wrong in this day and age is not a minor thing. An average person would see the title of the website we're on and conclude that illegal activity happens here, thanks in part to the media and their misuse of "technical details".
If you're in the media, don't talk about things you don't understand!
This makes no sense. First, getting technical details wrong has nothing to do with vilifying hackers. Some journalists get technical details wrong. Some journalists vilify hackers. These are independent facts and linking them is terribly unsound logic.
Second, if you're a journalist, you are pretty much guaranteed not to be an expert in the fields you report on, because you're a journalist, and not a networking engineer, or a software developer, or a doctor, or a lawyer, or a professional in whatever other field you might be reporting on. Journalists have an obligation to report factually and correctly to the best of their ability, but they are not infallible.
Also, the technically incorrect piece of this article seems pretty minor. I don't understand why some people are getting so worked up about it.
> Also, the technically incorrect piece of this article seems pretty minor. I don't understand why some people are getting so worked up about it.
Because the effort it would have taken to not make the mistake is so minimal (Google: BGP, first result is wikipedia, read for a few minutes), that it carries rather unfortunate implications for the author and their attention to detail, and by extension their qualifications as a journalist.
> Journalists have an obligation to report factually and correctly to the best of their ability, but they are not infallible.
With the above in mind, I'll bet you $large_amount_of_cash this is never corrected.
[Disconnecting the discussion from something that we are personally connected to...]
Is it preferable for a newspaper to report on a new medical study and publish Yet Another(tm) "Researchers at [University] find cure to cancer" story, or, is it better for the newspaper to refrain from talking about the medical paper entirely?
Personally, I have to go with the latter. Given the choice between botched reporting and no reporting, I'll go with no reporting. It is better to be uninformed than misinformed. It is easier to correct 'uninformed' and the state of 'uninformed' is easier for self-aware people to recognize in themselves.
Consider the fallout caused by the media botching the reporting of the FTL neutrino anomaly. People lost their jobs because reporters could not be arsed to do theirs.
The OP was being shoddy by starting off with the one thing in the article that wasn't inaccurate - the attack really involved a man-in-the-middle strategy, just one that also involved BGP hijacking. If the OP hadn't started that way, it would have been easier to "hear" the point about the next few rather egregious lines:
"And for years it[either man-in-the-middle or BGP attacks] has been understood to be possible in theory, but never seen in practice[!?!]. That changed earlier this year when someone — it’s unclear who — diverted Internet traffic from some 150 cities around the world through networks in Belarus and Iceland."
It is worth noting how wrong that is but being accurate when you point to someone else's wrong stuff is one of the first principles.
Why can't we be capable here of reading past the tone (whether monotone, "offensive", nagging, trying to sell us something, or whatever else)? If you're trying to get votes (or upvotes) then sure, worry about your tone. If you're trying to win friends and influence people, fine, worry about your tone. I know I've sometimes intentionally phrased things in different ways than I normally would to head off certain snarky remarks (whether that snark is a "don't be offensive!" comment or a "hey that's just your opinion, man" comment or something else unhelpfully meta), but it's very nice not to have to worry about such things in general.
I dunno, I find the people who don't care about tone and think themselves above considering feelings are the most overly sensitive and easily outraged when criticized.
It's easy to disregard tone when it's somebody else's feelings at stake, much harder to look past tone when it's your feelings on the line. Nobody is above the fray.
Maybe we need a robustness principle[1] for human communication. Be conservative in tone you send out, liberal in what you accept.
Some of us operate by Crocker's Rules: http://sl4.org/crocker.html As the page says, Crocker's Rules don't magically allow you to insult others, but they don't magically forbid it either. They're purely a signal for others when they communicate to you.
General standards of conversation (aka not being a dick) forbid you from insulting others. Your adoption of Crocker's Rules does not change that, as clearly communicated by the linked page.
> Note that Crocker's Rules does not mean you can insult people; it means that other people don't have to worry about whether they are insulting you.
Your tone still matters unless you are communicating with someone else who is operating under Crocker's Rules.
Two people using Crocker's Rules should be able to communicate all relevant information in the minimum amount of time, without paraphrasing or social formatting.
While I like the idea of that in theory, I have to say I think it's operating on the somewhat flawed premise that tone and other flourishes offer no informational benefit. I view tone as a "hint" for the context of the surrounding statements, and as such, it can alter the interpretation of them. This is useful for efficient communication.
I think Crocker's Rules will help people communicate the correct information efficiently, but I don't think it's necessarily in the minimum amount of time, just a better average case time. It's probably very useful in situations where the shared social context of the communicating parties is distinct enough that the hinting provided by tone is misinterpreted, which can be common on the internet, where disparate cultures clash and there's no visual channel to additionally help communication.
The thing is, name calling the author provides no useful information (being nice and being mean can be equally useless if you discount interpersonal dynamics). It's just injecting noise into the post. And it's how the post opens so it does set the tone for the rest of the post, and people will be less inclined to read beyond it because the only signal provided in the first sentence suggests that the rest of the content is likely to be an emotionally inspired rant.
Surprisingly, tone on Hacker News matters as much as content. I write very (too) concisely. It comes off as cold and is read as snarky or boasting quite often. Then I just get critical replies about tone, which drives the conversation off the point.
Because tone is another channel of information, and one we've been trained to acknowledge as part of the message, even if subconsciously, all our lives.
For a very simple example, tone may convey confidence. If that confidence is in a statement that people find reasons to doubt or disagree with, depending on their own confidence they may feel more or less compelled to disagree.
Totally agree. For the most part, that article was quite good, even though some of the details were off. It's almost like disregarding the entire article for a spelling mistake.
It's good to point out the faults where the information is wrong - but relax on the tone.
I appreciate it when the top-voted comment tells me the bullshit level of the linked article, so I can decide if it is worth actually clicking through. In this case it seems that it is not.
I'm going to say that the comment's tone was justified. The article makes strong allegations that aren't backed up by the facts. The onus is on the author to provide evidence and to understand the topic at a sufficient level to make their allegations meaningful.
If someone writes an article claiming someone is a murderer and they use DNA evidence to back their story, except they have no idea how DNA evidence even works or what DNA even is and, more so, the evidence does not actually back up their claims, well, that person is deserving of ridicule. It's not those who do the ridiculing who have breached the wall of propriety, it is the author who has done so.
The same is the case here. If you want people to treat your mistakes kindly, if you want to be treated with propriety and respect, then you need to be fucking circumspect about the allegations you lay down and you need to have an understanding of the lines of evidence you purport to bring to bear.
If this was the mainstream media, I'd agree but this article was put out by a supposedly technical journal. We DO expect more from them. And why would a detail-oriented group of hackers expect less?
The researchers who analyzed this attack call it a "Man-In-the-Middle (MITM) hijack", which makes this whole subthread kind of pointless since the journalist is just using the terminology of the original research.
And if you're interested in how the internet works at this level (BGP, peering, ISPs), the book "Tubes: A Journey to the Center of the Internet" is interesting reading.
As pointed out by others, your tone suggests dismissal of the article. The article is interesting and informative and as an old network admin I took little issue with them using the term man-in-the-middle. Further, Wikipedia's definition seems to support using the term the way the author does:
> a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
In the article, the connection is being controlled by the attacker after breaking into and controlling an innocent ISP's BGP advertisements. The attacker also provides a means to route the data back out another connection as well, which implies something was sitting in the middle of the connection grabbing and redirecting data to another connection that hadn't had its BGP tables altered. (If it hadn't, the data would have just gone in a loop at the ISP.)
In the other cases of BGP 'hijacking', the data simply disappeared because it wasn't routed back out to the Internets. If someone null routed Gmail, well, it won't work because I wouldn't get any data back to run the browser view. In this case, the data made it back to where it was going, which implies the conversation is being controlled by the attacker.
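The distinction drawn in the two comments above (a blackhole hijack drops the traffic, while a "MITM hijack" has to hand it back to a router whose tables still point at the real destination, or else it loops) is easy to see in a forwarding simulation. The following is an added example, not code from the thread or from the researchers; the AS numbers are from the private-use range, the prefix is the TEST-NET-3 documentation range, and the four-AS topology is constructed for illustration.

```python
import ipaddress

# Constructed topology (private-use ASNs, documentation prefix):
#   64510 -- an upstream that accepted the hijacker's more-specific route
#   64520 -- a "clean" transit that still only carries the legitimate /24
#   64500 -- the legitimate origin of 203.0.113.0/24
#   64666 -- the hijacker, announcing 203.0.113.0/25
LEGIT_ORIGIN = 64500
HIJACKER = 64666
VICTIM_PREFIX = "203.0.113.0/24"
MORE_SPECIFIC = "203.0.113.0/25"


def longest_prefix_match(table, dst_ip):
    """Return the next hop for dst_ip using longest-prefix match over table."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_hop = None, None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, next_hop
    return best_hop


def build_tables(mode):
    """Forwarding tables per AS: {prefix: next_hop_asn | "local"}.

    mode is one of "normal", "blackhole", "mitm", "mitm_looping".
    """
    tables = {
        64510: {VICTIM_PREFIX: 64520},
        64520: {VICTIM_PREFIX: LEGIT_ORIGIN},
        LEGIT_ORIGIN: {VICTIM_PREFIX: "local"},
        HIJACKER: {},
    }
    if mode != "normal":
        # 64510 accepted the hijacker's /25, which beats the /24 on length.
        tables[64510][MORE_SPECIFIC] = HIJACKER
    if mode == "mitm":
        # Hijacker hands the traffic to a transit whose table was not altered.
        tables[HIJACKER][VICTIM_PREFIX] = 64520
    if mode == "mitm_looping":
        # Hijacker sends it back through an AS that still carries the /25.
        tables[HIJACKER][VICTIM_PREFIX] = 64510
    return tables


def forward(tables, start_asn, dst_ip, max_hops=10):
    """Walk the packet AS by AS; return (path, outcome)."""
    path, current = [start_asn], start_asn
    for _ in range(max_hops):
        next_hop = longest_prefix_match(tables[current], dst_ip)
        if next_hop is None:
            return path, "dropped"          # blackhole: no route at all
        if next_hop == "local":
            return path, "delivered"
        if next_hop in path:
            return path + [next_hop], "loop"  # the parenthetical in the comment
        path.append(next_hop)
        current = next_hop
    return path, "ttl_exceeded"


def run(mode, dst_ip="203.0.113.10"):
    return forward(build_tables(mode), 64510, dst_ip)


if __name__ == "__main__":
    for mode in ("normal", "blackhole", "mitm", "mitm_looping"):
        print(mode, run(mode))
```

In "mitm" mode the packet still reaches 64500, but the hijacker now sits on the path; in "blackhole" mode it never arrives, and in "mitm_looping" mode it bounces between the two ASes that carry the /25, which is exactly why the attacker needs an unaltered exit path.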
I'm ignoring your last point as it seems a bit off topic. Censorship and subversive BGP activities have little to do with each other.
I think you are not taking into account that he's writing this for a, what i would call, moderately technical audience. In a sense it -is- a man in the middle attack as someone seems to have tried to put himself between the internet user and the requested service. To explain it as such at least makes it easier to understand for 'normal' people even if it's not 100% correct which in this case for this audience is just not that relevant.
A "man in the middle attack" is not about sniffing traffic going between two other people. It's about impersonating the two people to each other - telling Alice that you're Bob, and telling Bob that you're Alice.
> IIRC the one with the biggest fallout was some Pakistani ISP which fucked up a YouTube block order - they broadcasted the null-route to the entire Internet and Google couldn't do anything, lol.
Also the author shouldn't rule out Hanlon's razor[1]. Advertising the wrong AS is often caused by incompetence or mistakes of network engineers. Note that I'm not a network engineer (I'm a linux monkey by trade), but know you can do BGP AS path filtering[2] ala ACLs to prevent a rogue/incompetent entity from advertising routes that don't belong to them. If more ISPs would simply lock down their routing infrastructure a bit more, a lot of these types of attacks would be rendered mostly void.
I think the above quote says more about the intended audience of the piece than it says about the author. That is actually the exact line where I stopped reading. However, I didn't stop myself thinking, "Man what an idiot this author is," but rather, "Ooops I accidentally started reading an article about something I do professionally, but intended for a layman audience."
Obviously this is an entertainment piece, not a technical write up. If you think the content isn't right for you then read something else.
I don't really understand how that works. After all I don't think a normal Internet user can hijack BGP, they need to be able to announce routes. So if an ISP announces low-cost routes, you know who did it -- unless the ISP's security was breached quite severely.
So, can't you just ask the ISPs who announced those fake routes if they were hacked, and if not, demand an explanation? (And if no explanation comes forth, stop peering with them)
A much more competent article written by the researchers themselves explained that they did contact the Iceland ISP involved in one of the attacks. Their reply stated that it was caused by a bug in a vendor's software that was resolved after a patch. The ISP wasn't interested in looking into it any further.
Also interestingly, somebody tried to submit that article yesterday. I know because I tried to submit it myself, and found that I'd been scooped. It got no responses and almost no upvotes, until allthingsd added the "MITM" keyword that people here recognize. It might be inaccurate - the attack seems to enable MITM rather than being MITM itself - but it got some much needed publicity for the story.
If an ISP is involved in a major hijacking like this, and doesn't sufficiently explain their actions -- shouldn't ISPs start refusing to accept routes from their AS? Just like browsers drop CAs that mess up, shouldn't the same happen to ISPs?
It will be interesting to see how this rolls around. I have listened to people complain about the insecurity of BGP for years. Got to experience a bit of it when a bad router update our ASIN in it and sent our traffic out and about briefly (fortunately just pushing up latency not killing the web site.)
It is currently the most effective and useless DDOS strategy to push a black hole route out for the 'target.' Effective since all their packets will stop getting to them, useless because it points exactly at the point where it is coming from, and NOCs have gotten reasonably good at working around bogus advertisements. So it is short lived.
Tracing packages would do it, a false route would be longer as is explained in the article, where a package from Mexico suddenly -instead of just being sent north- is crossing the Atlantic and the length of Europe twice over, to get to D.C.
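The comment above is right that the tell-tale of a hijack is that the route gets longer and wanders through places it has no business being. Route collectors make that checkable without tracing packets: compare each observed announcement against a baseline of the origin AS, AS path and regions normally seen for that prefix. The following is an added example, not code from the thread or the researchers; the AS numbers, the AS-to-country map and the three "collector lines" are constructed, and the "prefix | AS path" line format is an assumption for the demo rather than any real collector's output.

```python
import ipaddress

# Constructed baseline: what the prefix normally looks like from this vantage point.
BASELINE = {
    "203.0.113.0/24": [64510, 64520, 64500],   # path ends at the origin AS
}
# Constructed AS -> country map (real tooling would use a routing registry or GeoIP).
AS_REGION = {64510: "MX", 64520: "US", 64500: "US", 64666: "BY", 64700: "IS"}

# Constructed observations in an assumed "prefix | AS path" format.
OBSERVED_LINES = [
    "203.0.113.0/24 | 64510 64520 64500",              # unchanged
    "203.0.113.0/25 | 64510 64700 64666",              # more-specific, new origin
    "203.0.113.0/24 | 64510 64700 64666 64520 64500",  # same origin, long detour
]


def parse_line(line):
    prefix, path = line.split("|")
    return prefix.strip(), [int(asn) for asn in path.split()]


def baseline_for(prefix):
    """Return the (prefix, path) baseline entry that covers this prefix, or (None, None)."""
    net = ipaddress.ip_network(prefix)
    for base_prefix, base_path in BASELINE.items():
        if net.subnet_of(ipaddress.ip_network(base_prefix)):
            return base_prefix, base_path
    return None, None


def regions(path):
    return {AS_REGION.get(asn, "??") for asn in path}


def assess(line):
    """Return a list of anomaly tags for one observed announcement (empty = looks normal)."""
    prefix, path = parse_line(line)
    base_prefix, base_path = baseline_for(prefix)
    if base_prefix is None:
        return ["no_baseline"]
    reasons = []
    if prefix != base_prefix:
        reasons.append(f"more_specific_than_{base_prefix}")
    if path[-1] != base_path[-1]:
        reasons.append("origin_changed")
    if len(path) > len(base_path):
        reasons.append(f"path_longer_by_{len(path) - len(base_path)}")
    new_regions = regions(path) - regions(base_path)
    if new_regions:
        reasons.append("unexpected_regions:" + ",".join(sorted(new_regions)))
    return reasons


if __name__ == "__main__":
    for line in OBSERVED_LINES:
        print(line, "->", assess(line) or "ok")
```

The third observation is the interesting one for this thread: same prefix, same origin, and it still delivers, yet the path has grown by two hops through two countries that never appeared in the baseline. A prefix-length or origin check alone would miss it; the path-length and region checks catch it.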
By knowing what IP ranges the smaller ISPs own. If a small A connects to big B, and B knows that A has IPs 123.234.., then it should not accept routes that route other IPs to A.
It's not that simple, an ISP that has multiple peering partners doesn't just accept traffic for its own IPs, but also for those of its peering partners (and their peering partners, recursively).
Content wise yes. Font size no. Font is so small it is almost unreadable.
Take-away: To improve time spent on site, and return visitors computing.co.uk should increase the font size!
That just reminded me of an (urban) story where a man went to Fairy Liquid and offered to increase their profits by 25%. He wanted 5% of the 25% increase. They signed contracts and agreed to the deal. The simple solution was to make the hole 25% bigger. The customers squeezed just the same and 25% more came out. Profit.
I heard a similar story about Listerine. A canny marketing manager boosted sales by realising everyone used the cap to measure doses. He made the cap bigger.
Interestingly, the two UK cities marked on the map appear to be Bristol or Cardiff, and... somewhere in the middle of nowhere in Cumbria? Why not London, Manchester, Birmingham etc.?