Hackers exploit trust in BGP routing to net $29 million in ad fraud
In November 2018, the criminal hacker group 3ve found a new way of exploiting security weaknesses in the Border Gateway Protocol that allowed them to take control of IP addresses belonging to the US Air Force and other reputable organisations; the result was to net them $29 million in fraudulent advertising revenue. The scheme involved a thousand servers that impersonated human beings viewing ads on bogus pages run by 3ve; to camouflage the origins of the traffic, the page requests were channelled through millions of IP addresses, some belonging to computers the attackers had infected with botnet software but most hijacked by skilfully exploiting both the technical nuances and the trust and social contracts that underlie the operation and interconnection of BGP's autonomous systems (ASes). The groundwork for the attack began as early as 2013, when 3ve created its own AS in Eastern Europe; the attackers spent four years building a position of trust for it before using that standing to exploit other networks and defunct systems.
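The trust gap the article describes is that BGP accepts whatever origin an AS announces for a prefix, so operators detect hijacks by comparing announcements against Route Origin Authorizations (RFC 6811 origin validation). The following is an added defender-side example, not code from the article or from any party it names; the ROA table and announcements are constructed, and the AS numbers are private-use placeholders.

```python
from ipaddress import ip_network

# Constructed ROA table (Route Origin Authorizations): prefix, max length,
# authorised origin AS. Invented for this example, not real ROAs.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/22", 24, 64501),
]

# Constructed BGP announcements as a route collector would see them:
# announced prefix and AS path, with the origin AS last.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64510, 64500]),     # authorised origin
    ("198.51.100.0/24", [64510, 64499]),  # covered prefix, foreign origin: hijack
    ("198.51.100.0/25", [64510, 64501]),  # right AS but longer than maxlen
    ("203.0.113.0/24", [64510, 64499]),   # no ROA covers it: cannot be judged
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """RFC 6811 origin validation: return 'valid', 'invalid' or 'not-found'."""
    net = ip_network(prefix)
    covering = []
    for roa_prefix, maxlen, asn in roas:
        roa_net = ip_network(roa_prefix)
        # A ROA covers the announcement if the announced prefix lies inside it.
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covering.append((maxlen, asn))
    if not covering:
        return "not-found"
    # Valid only if some covering ROA names this origin AND permits this length.
    for maxlen, asn in covering:
        if asn == origin_as and net.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def check_announcements(announcements, roas=ROAS):
    """Validate each announcement's origin; returns (prefix, origin, status)."""
    results = []
    for prefix, as_path in announcements:
        origin = as_path[-1]
        results.append((prefix, origin, validate_origin(prefix, origin, roas)))
    return results


if __name__ == "__main__":
    for prefix, origin, status in check_announcements(ANNOUNCEMENTS):
        print(f"{prefix:20} origin AS{origin:<6} {status}")
```

An "invalid" result is the signal worth alerting on; "not-found" means the address holder has published no ROA, which is exactly the state that leaves a prefix open to the kind of takeover described above.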
Writer: Dan Goodin
Publication: Ars Technica