BGP Hijacking
BGP hijacking redirects internet traffic by announcing false routing information through the Border Gateway Protocol, exploiting its trust-based design to intercept or disrupt communications.
BGP (Border Gateway Protocol) hijacking is an attack where a malicious actor announces illegitimate IP address prefixes through BGP routing, redirecting internet traffic intended for a victim network through attacker-controlled infrastructure. BGP is the protocol that determines how traffic is routed between autonomous systems on the internet, and it was designed without built-in authentication, making it inherently vulnerable to route manipulation.
The attacker, who controls a BGP-speaking router or has compromised one, announces IP prefixes belonging to another organization. Because BGP routers generally trust route announcements from their peers, neighboring autonomous systems propagate the false route. Internet traffic destined for the victim's IP addresses is then routed through the attacker's network. The attacker can intercept, modify, or drop this traffic before optionally forwarding it to the legitimate destination to avoid detection. More sophisticated attacks announce more specific (longer prefix) routes, which BGP prioritizes, ensuring the hijacked route is preferred over the legitimate one. State-sponsored attackers have used BGP hijacking to intercept encrypted traffic, cryptocurrency transactions, and government communications.
BGP hijacking can redirect traffic for entire networks, affecting millions of users. It has been used for cryptocurrency theft, surveillance, and denial of service. Because BGP operates on trust between network operators, mitigation requires adoption of RPKI (Resource Public Key Infrastructure) for Route Origin Validation (ROV), BGP route filtering, real-time route monitoring services, and coordination between internet service providers. Organizations should monitor their own prefix announcements and deploy ROV to reject invalid routes.
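To make the two mitigation points above concrete, here is a worked example (added here; it is not code from the article or from any router vendor) of RPKI-based Route Origin Validation and a simple prefix-monitoring check. It shows why the more-specific hijack described in the previous paragraph fails ROV even when the attacker copies the legitimate origin AS: a ROA's maxLength bounds how specific an authorized announcement may be. All ROAs, prefixes and AS numbers are constructed from documentation ranges; a real deployment would load validated ROAs from an RPKI relying-party cache (for example over the RTR protocol) rather than hard-code them.

```python
"""Route Origin Validation (ROV) against a constructed set of RPKI ROAs.

Added example, not code from the original article. ROAs, prefixes and ASNs
are constructed from documentation ranges (RFC 5737 / RFC 3849 prefixes,
RFC 5398 ASNs).
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, IPv6Network, ip_network
from typing import Dict, Iterable, List, Set, Tuple, Union

Network = Union[IPv4Network, IPv6Network]


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_asn may announce `prefix` and any
    more-specific of it down to `max_length` bits, and nothing more specific."""
    prefix: Network
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    """A BGP UPDATE reduced to what ROV examines: prefix and origin AS."""
    prefix: Network
    origin_asn: int


def roa(prefix: str, max_length: int, origin_asn: int) -> ROA:
    return ROA(ip_network(prefix, strict=True), max_length, origin_asn)


def announce(prefix: str, origin_asn: int) -> Announcement:
    return Announcement(ip_network(prefix, strict=True), origin_asn)


# Constructed ROAs. AS64496 is authorized for 192.0.2.0/24 exactly
# (max_length 24), so no more-specific of it is valid from anyone.
# AS64497 may announce 2001:db8::/32 and its more-specifics down to /48.
ROAS: List[ROA] = [
    roa("192.0.2.0/24", 24, 64496),
    roa("2001:db8::/32", 48, 64497),
]


def rov_state(ann: Announcement, roas: Iterable[ROA]) -> str:
    """RFC 6811 validation state: 'valid', 'invalid' or 'not-found'."""
    covering = [
        r for r in roas
        if r.prefix.version == ann.prefix.version and ann.prefix.subnet_of(r.prefix)
    ]
    if not covering:
        return "not-found"  # no ROA covers this prefix at all
    for r in covering:
        if ann.prefix.prefixlen <= r.max_length and ann.origin_asn == r.origin_asn:
            return "valid"
    # A ROA covers the prefix but the origin AS is wrong (origin hijack) or the
    # announcement is more specific than the holder allowed (more-specific
    # hijack). Both fail here, even when the origin AS is copied correctly.
    return "invalid"


def apply_rov_policy(
    anns: Iterable[Announcement], roas: Iterable[ROA]
) -> Tuple[List[Announcement], List[Announcement]]:
    """Model a router's ROV policy: drop 'invalid', keep 'valid' and
    'not-found' (rejecting not-found would drop every unsigned prefix)."""
    roas = list(roas)
    accepted: List[Announcement] = []
    rejected: List[Announcement] = []
    for a in anns:
        (rejected if rov_state(a, roas) == "invalid" else accepted).append(a)
    return accepted, rejected


def unexpected_origins(
    observed: Iterable[Announcement], expected: Dict[str, Set[int]]
) -> List[Tuple[str, int]]:
    """Route-monitoring check for a prefix holder: flag any observed
    announcement overlapping one of our prefixes from an origin AS we do not
    expect. `expected` maps our prefix -> set of allowed origin ASNs."""
    ours = {ip_network(p, strict=True): asns for p, asns in expected.items()}
    alerts: List[Tuple[str, int]] = []
    for a in observed:
        for p, asns in ours.items():
            same_family = a.prefix.version == p.version
            if same_family and (a.prefix.subnet_of(p) or p.subnet_of(a.prefix)):
                if a.origin_asn not in asns:
                    alerts.append((str(a.prefix), a.origin_asn))
    return alerts


if __name__ == "__main__":
    updates = [
        announce("192.0.2.0/24", 64496),     # legitimate
        announce("192.0.2.0/24", 64511),     # origin hijack
        announce("192.0.2.0/25", 64496),     # more-specific, origin AS copied
        announce("198.51.100.0/24", 64511),  # no ROA -> not-found
    ]
    for u in updates:
        print(f"{str(u.prefix):20} AS{u.origin_asn}: {rov_state(u, ROAS)}")
    print("monitor alerts:", unexpected_origins(updates, {"192.0.2.0/24": {64496}}))
```

Note the division of labour the demo exposes: origin-based monitoring alone does not flag the /25 with a copied origin AS, because the origin matches what the holder expects; it is the ROA's maxLength, enforced by ROV on peers' routers, that rejects it. This is why the article lists both monitoring and ROV, and why a holder should publish ROAs with a maxLength no longer than what it actually announces.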
Written by CDA Editorial