Recently we seem to be hearing about more and more security exploits aimed at core Internet protocols. In July, Dan Kaminsky revealed a critical exploit aimed at the DNS protocol.
A couple of days ago, “[t]wo security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.” See “Revealed: The Internet’s Biggest Security Hole” on Threat Level at Wired.com for more detailed reporting.
According to Wired.com,
“The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.”
. . .
Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can’t always vacuum in traffic within a network — say, from one AT&T customer to another.
The clever trick the researchers have used is to
use a method called AS path prepending that causes a select number of BGP routers to reject their deceptive advertisement. They then use these ASes to forward the stolen data to its rightful recipients.
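The rejection described above relies on standard BGP loop prevention: a router discards any route whose AS_PATH already contains its own AS number. The following Python sketch is an added example, not code from the article or the researchers; it shows that rule from a route monitor's side, including which vantage points would never see such an announcement. The ASNs, prefix, paths and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data. ASNs are from the documentation range (RFC 5398),
# the prefix from a documentation range (RFC 5737); none come from the article.
EXPECTED_ORIGINS = {"203.0.113.0/24": {64500}}   # monitored prefix -> legitimate origin ASNs
BASELINE_PATH = [64510, 64505, 64500]            # path a monitor normally sees to the prefix
OBSERVED = {"prefix": "203.0.113.0/24",
            "as_path": [64499, 64505, 64500]}    # new announcement that lists AS 64505

def discards(local_asn, as_path):
    """BGP loop prevention: drop any route whose AS_PATH already contains our own ASN."""
    return local_asn in as_path

def blind_vantage_points(as_path, vantage_asns):
    """Monitors inside these ASes never install the route, so they cannot report it."""
    return sorted(a for a in vantage_asns if discards(a, as_path))

def covering_prefix(prefix):
    """Return the monitored prefix equal to or covering `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    for mon in EXPECTED_ORIGINS:
        if net.subnet_of(ipaddress.ip_network(mon)):
            return mon
    return None

def review(update, baseline_path):
    """Findings for one observed announcement of a monitored prefix."""
    mon = covering_prefix(update["prefix"])
    if mon is None:
        return []                                # not a prefix we monitor
    path, findings = update["as_path"], []
    if path[-1] not in EXPECTED_ORIGINS[mon]:    # the origin AS is the last path element
        findings.append("unexpected-origin")
    new_hops = [a for a in path if a not in baseline_path]
    if new_hops:                                 # simple heuristic; real paths also change legitimately
        findings.append("new-asn-in-path:" + ",".join(map(str, new_hops)))
    return findings

if __name__ == "__main__":
    print(review(OBSERVED, BASELINE_PATH))
    print(blind_vantage_points(OBSERVED["as_path"], {64505, 64510, 64511}))
```

Because the origin AS in the constructed announcement is still the expected one, an origin-only check stays silent here; only the path comparison raises a finding, and a monitor placed solely inside AS 64505 would see nothing at all.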
All of these core protocol exploits have a direct impact on cloud computing, since the nature of cloud computing is that the computing happens out there on the Internet somewhere. According to the article,
The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs.