Orange Spain suffered an interruption in internet services this Wednesday, the 3rd, after a hacker attack that reportedly affected the mobile phone operator’s account at the IP network coordination center (RIPE). The French company confirmed the attack but assured that no customer information was compromised. “We confirm that in no case was our customers’ data compromised, it only affected navigation of some services,” the company stated.
In a post on ASN (Autonomous System Numbers) are hacked.
Internet traffic routing is done by BGP, which allows organizations to associate their IP addresses with autonomous system numbers and advertise them to other routers they are connected to, known as their peers. These BGP advertisements create a routing table that propagates to all other edge routers on the Internet, allowing networks to know the best route to send traffic to a specific IP address. However, when a rogue network advertises IP ranges generally associated with another autonomous system number, it is possible to hijack these IP ranges to redirect traffic to malicious websites or networks.
According to Cloudflare, this is possible because BGP is based on trust: the routing table updates based on which advertiser has the shortest and most specific route. To prevent this, a new standard called Resource Public Key Infrastructure (RPKI) was created as a cryptographic defense against BGP hijacking.
“RPKI is a cryptographic record signing method that associates a BGP route advertisement with the correct originating autonomous system number,” explains a Cloudflare article on RPKI. By enabling RPKI with a routing body such as ARIN or RIPE, a network can cryptographically ensure that only routers under its control can advertise an autonomous system number and its associated IP addresses.
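The check a router performs with RPKI data can be shown in a few lines. The following is an added example, not code from the article or from Cloudflare: it implements route origin validation as described in RFC 6811 and applies a drop-invalid policy. The ROA entries, prefixes (documentation ranges) and AS numbers are constructed for illustration.

```python
import ipaddress

# Constructed ROA set: documentation prefixes and AS numbers, not real allocations.
# Each entry is (prefix, max_length, authorised_origin_asn).
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify one BGP announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route when the announced prefix is equal to, or
        # more specific than, the ROA prefix (same address family).
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match needs the authorised origin AS and a prefix length within
        # the ROA's maximum length; AS 0 never matches any route.
        if roa_asn != 0 and roa_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: reject as invalid.
    return "invalid" if covered else "not-found"

def accepted_routes(announcements, roas=ROAS):
    """Apply a drop-invalid policy and return the announcements that survive."""
    return [a for a in announcements if validate_origin(*a, roas=roas) != "invalid"]

# Constructed announcements: (prefix, origin AS seen in the BGP update).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # holder's own announcement
    ("192.0.2.0/24", 64511),      # same prefix, unauthorised origin
    ("192.0.2.128/25", 64511),    # more-specific prefix, unauthorised origin
    ("192.0.2.128/25", 64496),    # right origin, but longer than max_length
    ("198.51.100.0/24", 64511),   # no ROA covers this prefix
    ("2001:db8:1::/48", 64496),   # within max_length 48
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{asn}: {validate_origin(prefix, asn)}")
    print("accepted:", accepted_routes(ANNOUNCEMENTS))
```

Routes in the not-found state are still accepted here, because a prefix without any ROA gives the validator nothing to check the origin against.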
Although Orange Spain did not disclose how its RIPE account was breached, the threat actor provided a clue in a screenshot posted to Twitter that contained the email address of the hacked account. Threat actors often purchase stolen credentials on cybercrime marketplaces and then use them to breach networks and carry out data theft, cyberespionage, and ransomware attacks.
In a statement, Orange Spain assured that the service is practically restored.
Source: CisoAdvisor