Cryptocurrency Heist: BGP Leak Masks Ether TheftEssential Internet Infrastructure - DNS, BGP - Remains Vulnerable, Experts Warn
Want to steal cryptocurrency? Then spoof internet routing information to ensure that anyone who attempted to visit MyEtherWallet.com - a free, open source web app for storing and sending ether-based tokens - got routed instead to an attacker-controlled site.
See Also: A Toolkit for CISOs
That was the tactic practiced on Tuesday by one or more attackers beginning at 7:05 a.m. U.S. Eastern Time and continuing for about two hours, after attackers successfully created a border gateway protocol leak. BGP distributes routing information, enabling routers to connect users with specific IP address prefixes.
But attackers, not for the first time, were able to claim control of a range of IP addresses that they shouldn't have controlled, and then reroute all visits to those IP addresses to passively analyze the data, including log-in details for cryptocurrency accounts (see Who's Hijacking Internet Routes?).
Security experts say it's a reminder that BGP and DNS are in desperate need of a security overhaul. "BGP and DNS are the soft underbelly of the web," Alan Woodward, a professor of computer science professor at the University of Surrey, tells Information Security Media Group. "Hence it's not surprising that criminals have used these to hijack people's cryptocurrency."
Target: Amazon DNS Service
In the case of the Tuesday attack, it affected Amazon Route 53, a domain name system web service that's part of Amazon Web Services, says Cisco's Internet Intelligence. The service's name is a reference to port 53 on TCP or UDP, which is where DNS server requests get addressed.
Researchers say nearly 1,300 addresses got rerouted for the two-hour attack period to IP addresses associated with a Russian provider.
Correction: the BGP hijack this morning was against AWS DNS not Google DNS. https://t.co/gp3VLbImpX— InternetIntelligence (@InternetIntel) April 24, 2018
"You did not need to accept the hijacked route to be victim of the attack, just use a DNS resolver that had been poisoned," Louis Poinsignon, a network engineer at Cloudflare, says in a blog post.
"Neither AWS nor Amazon Route 53 were hacked or compromised," an AWS spokeswoman tells ISMG. "An upstream internet service provider was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer's domain to the malicious copy of that domain."
Not all regions appear to have been affected by the attack. In affected regions, however, the vast majority of DNS requests to the affected IP ranges traveled via attackers' servers, according to Cloudflare.
The attack wouldn't automatically exploit users. But users that did click through security alerts could have been automatically exploited.
"If you were using HTTPS, the fake website would display a TLS certificate signed by an unknown authority (the domain listed in the certificate was correct but it was self-signed). The only way for this attack to work would be to continue and accept the wrong certificate. From that point on, everything you send would be encrypted but the attacker had the keys," Poinsignon says.
Users could then fall victim if they were already logged in, or if they then entered their information into the login page.
"If you were already logged in, your browser will send the login information in the cookie. Otherwise, your username and password would be sent if you typed them in on a login page," Poinsignon says. "Once the attacker got the login information, it used them on the legitimate website to transfer and steal ethereum," aka ether coins.
The fake HTTPS certificate served by the attacker was a bad move, because "people's browsers noticed," meaning anyone who heeded their browser's alert would have been safe. "HTTPS certificate warnings are there for a reason," says Matt Tait, a former information security specialist at Britain's GCHQ intelligence agency who's now a senior cybersecurity fellow at the Robert S. Strauss Center for International Security and Law at the University of Texas at Austin, via Twitter.
"But the attackers could have done a smarter thing: So far as HTTPS certificate providers are concerned, they were then in control of MyEtherWallet,com," says Tait, who tweets as @pwnallthethings. "They could have used LetsEncrypt (or someone else) to issue a live HTTPS cert for it, and browsers would have seen it as valid.
Caveat Cryptocurrency User
It's not clear how many MyEtherWallet.com users may have lost ether due to the attack, although some reports have suggested that 515 ether coins - as of Wednesday, worth about $320,000 - had been stolen and was already being rerouted through multiple wallets to make it toughter to trace (see Criminals Hide 'Billions' in Cryptocurrency, Europol Warns).
It seems that everything is now back to normal, BUT PLEASE STAY SAFE and read/share this guide: https://t.co/uBlsJ8IoNw— MyEtherWallet.com (@myetherwallet) April 24, 2018
It's also not clear how many other sites or services might have been subverted.
"The attacks only gained a relatively small amount of currency from MyEtherWallet.com - however their wallets in total already contained over [$28 million] of currency," British security researcher Kevin Beaumont, aka @Gossithedog, says in a blog post.
"Whoever the attackers were, [they] are not poor," he says.
MyEtherWallet says it is not responsible for any losses. Users of the site see a guide that begins with "MyEtherWallet is not a bank" and warns: "You and only you are responsible for your security."
The site adds: "We cannot recover your funds or freeze your account if you visit a phishing site or lose your private key."
Attackers Target Cryptocurrency
The heist is one more illustration that cryptocurrency and exchanges' infrastructure continue to be exploited as attackers continue to find numerous vulnerabilities (see Cryptocurrency Infrastructure Flaws Pose Bitcoin Risks).
The thing with cryptocurrency is it makes everyone a bank. And everyone doesn't have bank grade security. It's open season for criminals as bank heists just got so much easier.— Kevin Beaumont (@GossiTheDog) April 25, 2018
Attackers have previously used BGP to route internet traffic via attacker-controlled servers, sometimes on a massive scale, potentially for cyber espionage purposes.
And the Tuesday incident is not the first time that attackers have subverted BGP for unauthorized cryptocurrency gain (see Cybercriminals Go Cryptocurrency Crazy: 9 Factors).
In 2014, Dell Secureworks spotted a four-month campaign that involved redirecting traffic from major internet service providers to trick bitcoin-mining pools into sharing their processing power with attackers, giving them more bitcoin-generating power. Dell estimated that the attacker was able to use the free processing power to generate bitcoins worth about $84,000.
But the weaknesses in BGP that attackers are continuing to exploit have been well documented for more than two decades. They're a reminder that "the internet is held together with spit and chewing gum," says Surrey University's Woodward via Twitter.
One ongoing challenge is that BGP is not authenticated, and thus remains at risk of being spoofed.
The best way to explain BGP is it's the people in the pub who swear Dave is Dave as they've met him before. But sometimes they're drunk and mistake Dave for Dennis. It's understandable because Bob swore Dennis was Dave 12 pints in.— Kevin Beaumont (@GossiTheDog) April 24, 2018
BGP's Security Makeover: Overdue
But BGP could be updated to ensure that these types of attacks didn't succeed.
Needed fixes would come in the form of updated Domain Name System Security Extensions - DNSSEC - from the Internet Engineering Task Force, but no such efforts are on the horizon. "There has been talk for years about mitigating BGP and the track record for DNSSEC is woeful," Woodward tells ISMG. "Bottom line is that very little has changed in practice in these regards for many years."
In part, that's due to BGP's needed information security makeover facing geopolitical challenges. As Sharon Goldberg, a Boston University computing science professor, noted in a 2014 research paper, the BGP protocol "lacks a single centralized authority that can mandate the deployment of a security solution; instead, every organization can autonomously decide which routing security solutions it will deploy in its own network."
This story has been updated with a statement from AWS.