^ Top

NANOG Meeting Presentation Abstract

BackConnect’s Suspicious BGP Hijacks
Meeting: NANOG68
Date / Time: 2016-10-18 5:30pm - 6:00pm
This item is webcast
Room: Regency Ballroom (Banquet Level)
Presenters: Speakers:

Doug Madory, Dyn

Doug Madory is the Director of Internet Analysis at Dyn (formerly Renesys) where he works on Internet infrastructure analysis. In a recent profile, The Washington Post dubbed him “The Man who can see the Internet" for his reputation in identifying significant developments in the global layout of the Internet. Doug is regularly quoted by major news outlets (including The New York Times, NPR's All Things Considered, and NBC Evening News) about developments ranging from national Internet blackouts to BGP hijacks to transoceanic submarine cables. Prior to Dyn, Doug held positions such as chief of computer security for Dartmouth-Hitchcock Medical Center, senior research engineer at BAE Systems, and communications officer in the US Air Force. He holds computer engineering degrees from the University of Virginia and Dartmouth College.
Abstract: In early September 2016, security blogger Brian Krebs broke a story about an Israeli DDoS-for-hire service, vDOS, which had been hacked, revealing “tens of thousands of paying customers and their (DDoS) targets.” Afterwards, Krebs noticed that vDOS itself was also a victim of a recent BGP hijack from a company called BackConnect. The CEO of BackConnect defended this act as justifiable and said it was a one-time event.

Krebs then contacted Dyn for some assistance in researching what appeared to be a series of BGP hijacks conducted by BackConnect over the past year. What emerges from this analysis is that the hijack against vDOS probably wasn’t the first one conducted by BackConnect.

This talk will review multiple incidents where it appears that BackConnect used BGP hijacks and, via the use of forged AS paths, sometimes obscured their involvement in this activity. Separately, this raises the philosophical question of whether there could be justification for a "defensive" BGP hijack.

This talk will draw on the analysis in the following blog posts:
http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
http://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/
Files: youtubeBackConnect’s Suspicious BGP Hijacks
pdfBackConnect’s Suspicious BGP Hijacks(PDF)
Sponsors: None.

Back to NANOG68 agenda.

NANOG68 Abstracts

  • Conference Opening
    Speakers:
    David Temkin, Netflix; L Sean Kennedy, XO Communications; Josh Snowhorn, CyrusOne;
  • Conference Opening
    Speakers:
    David Temkin, Netflix; L Sean Kennedy, XO Communications; Josh Snowhorn, CyrusOne;
  • Conference Opening
    Speakers:
    David Temkin, Netflix; L Sean Kennedy, XO Communications; Josh Snowhorn, CyrusOne;
  • Security Track
    Moderators:
    Jesse Sowell, Standford University; Panelists:
    k claffy, CAIDA; Nolan Berry.
    Cory Schwartz.
    Speakers:
    John Kristoff, DePaul University; Yiming Gong.
    Qiang KeQihoo 360; .
  • Security Track
    Moderators:
    Jesse Sowell, Standford University; Panelists:
    k claffy, CAIDA; Nolan Berry.
    Cory Schwartz.
    Speakers:
    John Kristoff, DePaul University; Yiming Gong.
    Qiang KeQihoo 360; .
  • Security Track
    Moderators:
    Jesse Sowell, Standford University; Panelists:
    k claffy, CAIDA; Nolan Berry.
    Cory Schwartz.
    Speakers:
    John Kristoff, DePaul University; Yiming Gong.
    Qiang KeQihoo 360; .
  • Security Track
    Moderators:
    Jesse Sowell, Standford University; Panelists:
    k claffy, CAIDA; Nolan Berry.
    Cory Schwartz.
    Speakers:
    John Kristoff, DePaul University; Yiming Gong.
    Qiang KeQihoo 360; .
  • Security Track
    Moderators:
    Jesse Sowell, Standford University; Panelists:
    k claffy, CAIDA; Nolan Berry.
    Cory Schwartz.
    Speakers:
    John Kristoff, DePaul University; Yiming Gong.
    Qiang KeQihoo 360; .
  • Security Track
    Moderators:
    Jesse Sowell, Standford University; Panelists:
    k claffy, CAIDA; Nolan Berry.
    Cory Schwartz.
    Speakers:
    John Kristoff, DePaul University; Yiming Gong.
    Qiang KeQihoo 360; .
  • Security Track
    Moderators:
    Jesse Sowell, Standford University; Panelists:
    k claffy, CAIDA; Nolan Berry.
    Cory Schwartz.
    Speakers:
    John Kristoff, DePaul University; Yiming Gong.
    Qiang KeQihoo 360; .

 

^ Back to Top