BGP (Border Gateway Protocol) is the postal service of the Internet. It tells routers which path to take to reach an IP address. It was designed in 1989 on a napkin, assuming everyone on the internet was a trusted university professor. Today, it connects ISPs, Governments, and Criminals. And it still assumes Trust.

Autonomous Systems (AS)

The internet is a network of networks. Each giant network (ISP, Google, Amazon) is an AS (Autonomous System) with a unique number (ASN).
AS1 is Level 3. AS15169 is Google.
BGP is the protocol they use to say "I own IP range 8.8.8.0/24. Send traffic for it to me."

1. The Hijack (Prefix Hijacking)

BGP routing prefers the most specific prefix (longest prefix match).
1. YouTube announces `208.65.153.0/22`. (Broad range).
2. Pakistan Telecom tries to block YouTube locally by creating a "Blackhole" route for `208.65.153.0/24` (More specific range).
3. The Mistake: Pakistan Telecom accidentally announces this `/24` route to the global internet via their upstream provider.
4. The Result: Since `/24` is more specific than `/22`, the ENTIRE WORLD starts sending YouTube traffic to Pakistan. YouTube goes offline globally.

2. Malicious Hijacks (MyEtherWallet)

In 2018, attackers used BGP to hijack IP addresses belonging to Amazon's DNS service (Route53).
They redirected traffic for `myetherwallet.com` to their own Russian server.
The server presented a fake SSL certificate. Users clicked "Ignore Warning".
Users typed in their crypto keys. Attackers stole the money.
This proved BGP security is critical for financial safety.

3. RPKI (Resource Public Key Infrastructure)

RPKI is the fix for BGP. It adds cryptography to routing.
ROA (Route Origin Authorization): A digitally signed document that says "Only ASN 15169 is allowed to announce 8.8.8.0/24".
If a rogue ISP (ASN 666) announces 8.8.8.0/24, other routers check the ROA.
Invalid: The announcement does not match the ROA, so it is dropped.
Status: About 40-50% of the internet enforces RPKI today. It is growing, but slow.
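
The ROA check described above, as an added example (not code from the original page or from any router or validator): it classifies an announcement as valid, invalid or not-found following the RFC 6811 origin validation procedure. The `max_length` field and the three result states come from the RPKI specifications rather than from this page, and the ROA list is constructed sample data built from the prefix and ASNs used in the text.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # prefix the holder authorized
    max_length: int  # longest prefix length the origin may announce
    asn: int         # the only ASN allowed to originate it


# Constructed sample ROA set: "Only ASN 15169 may announce 8.8.8.0/24".
ROAS = [ROA("8.8.8.0/24", 24, 15169)]


def validate_origin(announced: str, origin_asn: int, roas=ROAS) -> str:
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(announced)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route when the route equals the ROA prefix
        # or is a more specific prefix inside it.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match requires the authorized origin AND a permitted length,
        # which is what rejects more-specific announcements.
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: invalid.
    # Covered by no ROA at all: RPKI has no opinion.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    samples = [  # constructed announcements
        ("8.8.8.0/24", 15169),   # authorized origin
        ("8.8.8.0/24", 666),     # wrong origin ASN
        ("8.8.8.0/25", 15169),   # more specific than max_length allows
        ("192.0.2.0/24", 666),   # no ROA covers this prefix
    ]
    for prefix, asn in samples:
        print(f"{prefix:<16} AS{asn:<6} {validate_origin(prefix, asn)}")
```

A prefix with no covering ROA comes back as not-found rather than invalid, so origin validation only protects address space whose holder has published a ROA.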

4. Route Leaks

Different from Hijacking. A Route Leak is when an ISP accidentally becomes a "Transit Provider" for the whole world.
Example: A small ISP in Brazil accidentally tells Google "I can route traffic to Verizon".
Google sends all Verizon traffic to the small Brazil ISP.
The Brazil ISP melts down. Verizon goes offline for Google users.

MANRS

Mutually Agreed Norms for Routing Security (MANRS) is a global initiative to fix BGP.
1. Filtering (Prevent incorrect announcements).
2. Anti-Spoofing (Source address validation).
3. Coordination (Contact info).
4. Global Validation (RPKI).