Chinese companies’ sophisticated method of “hijacking” Internet traffic
Two exceptional events in recent months led to China Telecom’s “takeover” of the networks that carried traffic to Google services and to European mobile carriers • Prof. Yuval Shavit, who founded a company that tries to prevent the “hijacking” of network traffic, explains how the cyber-attacks work, what the Iranians are doing and how to defend against them

Hacking, phishing, cyber: no matter what you call it, the public discourse on information security usually revolves around events in which one party, the attacker, breaks into a computer, a cell phone or some other computing system, whether it belongs to a private person, a small business, a corporation or a huge government body, one or many. The attacker penetrates the systems, interferes with their activity, steals information from them or implants it in them, and waits for an opportune moment to act later.
But what happens when all the Internet traffic between users and dozens or hundreds of companies is “hijacked” and, instead of reaching its destination by the short, fast and safe route, is diverted to another destination? This type of attack is called IP hijacking, route hijacking or BGP hijacking, after the routing protocol at the core of the Internet’s routing system; in other words, the traffic-light network that regulates traffic on the roads along which all the information passing through the Internet travels. In a hijacking event, to continue the traffic-light image, the attacker takes over a traffic light and, instead of directing the traffic from Tel Aviv straight to Jerusalem, sends it through Haifa or New York.

“The problem is that there is no smoking gun,” says Prof. Yuval Shavit, a telecommunications specialist at the Tel Aviv University School of Engineering and VP of Technology at BGProtect. In an interview with Globes, Shavit explains what the attack’s Achilles heel is and how it relates to the tension and distrust between the West and China, against the backdrop of the trade war between the US and the West. Shavit’s company develops technology to prevent such attacks, and will discuss the topic at National Cyber Week of the Center for Cyber Research at Tel Aviv University, in collaboration with the National Cyber Array.

“An Internet service provider (ISP) has a huge table of all the destinations in the world,” explains Shavit, “and for every destination it knows where to send each packet of information. Every communications provider is like a junction with lots of ports and entrances, and at every entrance the provider has to tell the information where it is supposed to exit. To arrange the process, there is a routing table that is updated automatically using a protocol like BGP.
“This can be done by hacking, but since these instructions can also be changed by manually entering inputs and outputs, it is enough to find the relevant employee in the company who will make one manual entry: one line out of hundreds of thousands of such lines. However, for someone to make the effort, they would probably have to be bribed with a lot of money, and that amount will be weighed against the value the intruder gets from the act.”

A recent case of this kind occurred when, as reported by the website Ars Technica, Internet traffic destined for several major European mobile providers was routed through the servers of China Telecom, which is owned by the Chinese state. The number of IP addresses that were compromised was estimated at about 368 million, and in some cases the incorrect routing lasted about two hours. As in other cases where network traffic was diverted through China, no indication can be found of whether whoever caused the diversion initiated the detour to gain access to information or, alternatively, whether it was a mistake.
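The single changed line in a routing table is invisible from outside, but the announcement it produces can be compared with what is normally seen for an address block. The following is an added example, not code from the article or from BGProtect; the baseline, prefixes and AS numbers are constructed from the documentation ranges, and the names `Baseline` and `check_update` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    prefix: str          # monitored address block
    origin: int          # AS that normally originates it
    transit: frozenset   # ASes normally seen on paths towards it

# Constructed baseline: documentation prefix and documentation AS numbers.
BASELINES = [Baseline("192.0.2.0/24", 64496, frozenset({64500, 64501}))]

def check_update(prefix, as_path, baselines=BASELINES):
    """Compare one announcement (AS path as text, origin last) with the baseline."""
    net = ipaddress.ip_network(prefix)
    path = [int(asn) for asn in as_path.split()]
    if not path:
        return []
    alerts = []
    for b in baselines:
        monitored = ipaddress.ip_network(b.prefix)
        # Only an announcement for the monitored block, or a slice of it,
        # can attract traffic meant for that block.
        if net.version != monitored.version or not net.subnet_of(monitored):
            continue
        if net.prefixlen > monitored.prefixlen:
            # Routers prefer the longest matching prefix, so a more
            # specific route wins over the usual one.
            alerts.append(("MORE_SPECIFIC", str(net)))
        if path[-1] != b.origin:
            alerts.append(("ORIGIN_CHANGE", path[-1]))
        for asn in dict.fromkeys(path[:-1]):  # drop prepending repeats, keep order
            if asn != b.origin and asn not in b.transit:
                alerts.append(("NEW_TRANSIT", asn))
    return alerts

# Constructed sample announcements (not real routing data).
UPDATES = [
    ("192.0.2.0/24", "64500 64501 64496"),        # usual path
    ("192.0.2.0/24", "64500 64510 64501 64496"),  # detour through an unfamiliar network
    ("192.0.2.128/25", "64500 64510"),            # slice of the block, different origin
    ("198.51.100.0/24", "64500 64502"),           # block that is not monitored
]

if __name__ == "__main__":
    for prefix, path in UPDATES:
        print(prefix, "|", path, "->", check_update(prefix, path) or "ok")
```

An alert from such a check says only that the route changed; as the article notes, it cannot tell a deliberate detour from a mistake.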
Another case that was publicized, and in which no smoking gun was found, happened about seven months ago: several million Google IP addresses were routed through China Telecom in a manner that compromised the availability of Google search services for about an hour. The attack also reportedly compromised the availability of services that use Google’s cloud services, such as the Spotify music streaming service. Google claimed that they were “aware that some of the Internet traffic was affected by incorrect IP addressing in a way that affected access to some Google services. The root cause of the problem was external to Google and Google services were not compromised.”

However, the Ars Technica website said at the time that “while Google said it had no reason to believe the attack was the result of a malicious hijacking attempt, it appeared to many to be suspect, partly because of the routing of traffic through China Telecom.” Experts who spoke to Globes explained that the concern was that what might be interpreted as a malfunction was actually a “well-planned hijacking of data that was apparently copied and analyzed later.” The headline in The Register regarding the same incident also implied that it was a complete malfunction, while playing on Google’s personal assistant service: “Ok Google, why your network traffic was hijacked and routed through Russia and China”

Why do we actually have to worry about eavesdropping on network traffic? Isn’t most communication today encrypted anyway?

“Not only can encryption be broken; the attacker can also make sure in advance, during the attack, that the encryption becomes weaker. For example, when a connection between a server and a client is set up, the client ‘tells’ the server which encryption protocol it supports. But if the network traffic is routed to another server, that server ‘tells’ the client that it cannot support the advanced encryption protocol, only a weaker one, forcing them to use weak communication that is easy for an attacker to break.
“The attacker actually performs a ‘downgrade attack’ and thus lowers the encryption so that he can read the information that passes there. Recently, a student showed that a quarter of all servers on the Internet were exposed to this type of attack, which could break the strongest encryption with less than $500 on Amazon’s cloud (AWS) and an average of eight hours. We ourselves joined a US team that tested 41 million encrypted sites that support HTTPS, which means network-to-client communications are encrypted, but still we found that a quarter of them were exposed, including URLs. This means that whoever ‘listens’ to the traffic of those sites can read everything that passes there as if it were not encrypted, and the investment in this case is small money.

“Moreover, if a user browses a newspaper’s site to read a particular article, and I have previously carried out a downgrade attack against that site and swapped a picture of Bibi for the same photo, which this time also contains a Trojan horse, then I can attack the computer of anyone who goes to that article. Think about it: no one broke into an organization or a media entrepreneur; it ‘happened’ in the regular stream of information coming from the real site, which the user himself browsed voluntarily, without phishing.”

How is this possible?

“Many configuration problems. A lot of companies are not careful about the way they manage their encryption keys, and use the same key or set of keys both for the new sites you browse, which are considered very secure, and for all kinds of older archives that get less attention and are therefore less secure.
“In an attack that is cross-platform and cross-protocol, for example, the attacker attacks an old mail server in the organization just to use it to break the encryption to the most ‘crappy’ web server that the organization has. It’s important for me to emphasize, so that there is no doubt: encryption is a very important thing and I encourage everyone to encrypt their communications because it makes it more difficult to attack, but you have to understand that the fact that something is encrypted doesn’t mean you can’t break into it. Enough bodies can break into almost anything.”
What do the attackers gain from these types of attacks?

“Breaking into communications and listening to information traffic gives you a lot of added value if you are a country, such as uncovering technological secrets. If you are a criminal, you can get information such as what a stock exchange report due to be published in four days will say, allowing you to short the shares and make a lot of money, while the chance of being caught is almost zero.”

Is this kind of attack something that the Chinese and Russians are especially skilled at?

“Not at all. It’s important to make it clear that everyone is doing it, including the Americans, of course. There is evidence of that in Edward Snowden’s documents. With the system we built, it is much easier to catch attacks by bodies in Russia and China than by the Americans. So yes, we have a bias and we are aware of that, but we are not the UN, so that is fine. In any case, I always prefer that anyone who breaks into me be American and not Chinese. There’s a lot of focus on the countries we’re afraid of, but it’s not because they’re the only ones doing it. The Russians are just so much better, and so it’s hard to catch them.”

And the Chinese?

“To come and tell the Chinese ‘Oh my’, ‘No’ and ‘it’s very bad to steal’ is hypocritical, because the other side is doing the same thing, including in international relations; to blame a particular country for something everyone is doing makes no sense.

“So what we did in an article I published with Chris Demchak about six months ago was to go in another direction, which says that due to the West’s openness, China has created an asymmetry in the whole matter of how the Internet is treated. This lack of symmetry allows the Chinese more extensive freedom of action in the West and, as a result, an easier ability to hijack traffic. The trouble is that there are those in the democratic West who accept the fact that there is a lack of symmetry in many areas between them and China.
“If, 30 or 40 years ago, the lack of symmetry was justified, because China was still a developing and weak country and people wanted to encourage it, then today there is no reason for it. It is the second largest economy in the world, it is growing and it has amazing capabilities in both science and manufacturing, so there is no more reason to give them discounts.

“In the field of Internet infrastructure, China is a closed fortress. There are only three Internet access points in China. Israel’s Internet is also well fortified, but unlike the Chinese, Israeli companies are not trying to operate around the world. There are no foreign communications networks like AT&T in Israel, only Israeli networks like Bezeq International or NetVision, which is good: Israeli companies are not trying to compete in the British or Italian market and become major telecommunications providers, but the Chinese are.

“The thing is, while Western companies can’t operate at all, Western governments allow Chinese telecom companies owned by the government, such as China Telecom, to freely set up communications infrastructure.

“In the article, we collected cases where the hijacking of traffic was done in North America. The attackers took advantage of China Telecom’s presence in North America to carry out hijackings, so what we say specifically to the US and Canadian governments is: do not allow it.”

How does all this relate to the current conflict between the US, Europe and China around the equipment of the Huawei company?

“The Huawei story is about who will sell the communications. What happens in the West is that there is American pressure, which more and more countries realize is justified, not to use Chinese equipment in telecom infrastructure, which is obviously critical, for fear that this equipment has all kinds of back doors that can be used in the future.

“Two months ago, a report in the United Kingdom revealed a lot of engineering problems in Chinese equipment that were not actually carried out in a hurry.
“According to the report, the level of engineering supervision of that communications equipment was inadequate, and the equipment could not be guaranteed against all kinds of break-ins. It’s great to keep track of the security breaches.
“The idea was not to allow Chinese companies to compete in tenders of major equipment suppliers in the West, which includes the US, Canada, the United Kingdom, Australia and New Zealand. It is an ongoing effort and probably a successful one, because the US is certainly not going to do it, nor is Australia, and Canada tends not to. So it seems to be succeeding.

“There’s a big lack of symmetry here: big suppliers can’t work in China, but China Telecom has a broad North American layout with ten ‘PoPs’, points that have a lot of equipment, seven in the US and three in Canada. What we showed is that there were Chinese hijackings that started from those PoPs. There were others that didn’t, but there were some that started there. The fact that Chinese equipment has such a strong presence in North America makes it easier for them to hijack traffic.”

Apart from the big powers, what other players do you see in the field?

“We think the Iranians are trying to bypass the boycott by setting up strange companies abroad. We suddenly see that Iranian blocks, of Iranian addresses, move elsewhere: you have an address block that is advertised in Iran, and suddenly it is advertised in Europe and stops being seen in Iran.

“Apparently, the company has another name and it looks like a European company, but further investigation reveals that it is an Iranian company. It’s like any high-tech company can set up branches all over the world: a shell company, a subsidiary or an existing company that cooperates with them and through which they carry out all kinds of activities.”

“Again, these are not necessarily subversive actions such as spying or hijacking, and it seems more like an activity to circumvent economic sanctions on Iran.”

How does “network” hijacking work?
If we compare the Internet to a road network, then the Border Gateway Protocol (BGP) is the brain of its traffic-light system and the core of the Internet’s routing system. A router that runs BGP maintains a table of the networks connected to it and of the connections between them and other networks, and makes routing decisions based on the network connections and on the policy dictated manually by the network administrator.

“When the BGP routing protocol was designed, there were not yet any security issues,” explains Prof. Yuval Shavit. “The Internet was small and mainly comprised research institutes and universities in the Western world, and no one predicted its widespread use today. The user’s information is packaged in packets that travel from the network to the server and switch networks on the way. For example, the user wants to reach Google’s server, so he passes through an Israeli network, for example NetVision, from where he goes to another network in Europe, and from there, directly or through more networks. The information goes through some intermediaries along the way, but since the information is supposed to be encrypted, the user is not worried about it.”

“The answer from the server also makes the route back in a similar way, through some networks. In many cases the networks through which the return route is made are the same networks through which the route is reversed. As soon as the traffic is hijacked, all kinds of technological methods