Did that title get your attention? What if a hacker could intercept all your internet traffic and:

  • Redirect it to another site
  • Return his own advertising on all sites you visit
  • Log all sites you visit, information you post, people you chat or e-mail with
  • And more scary stuff than I’d like to think about now
If that scares you, unplug your internet connection right now, because this is not a fictional attack. While it’s already public knowledge (OK, it should be public knowledge anyway) that you can force specific traffic to flow to your router (Pakistan, Youtube, does that ring a bell?), a new attack method detailed at Defcon allows you to do this nearly undetectable. 
I’ll quote the conclusions for the impatient:

  • We learned that any arbitrary prefix can be hijacked, without breaking end-to-end
  • We saw it can happen nearly invisibly
  • We noted the BGP as-path does reveal the attacker
  • Shields up; filter your customers.