BGP used to perform remote eavesdropping

Jewel from Defcon:

Hackers and corporations who can control a BGP router can exploit it to do remote eavesdropping, sucking up data with powers normally associated with intelligence agencies.

27b-6 Wired Blog

 

Interesting read, thanks.

 

Hello,
Not unless the ISP is really NOT making any effort to hold up to some bare minimum reasonable standards. I would not be missing too many hours of sleep over this.
Mrk

 

As said in the article though (I linked this in the other security news forum, must've beat me to it Xero), all it takes is one ISP not co-operating (meaning not at all or taking too long I assume), and the whole thing is still screwed. One thing I've learned from the business world, accountability is an afterthought, and money overrules risk. Besides, the term "reasonable standards" has always been open to interpretation among the penny pinchers and skeptical. The cold, hard truth is that the threat is real, it can be done virtually with no suspicious activity to announce, and we have to hope ISPs are willing to spend the money, time, and manpower to keep this from becoming a nightmare. We need to remember that ISPs are not all as big as MSN, Earthlink, and others, some are very tiny operations with few people manning them. It's these folks that we need to be concerned with.

 

Absolutely, I agree, at least it should be redesigned but I can´t imagine that this will happen in near future. Actually internet criminals are living in sort of digital el dorado and usual home user has no real intervention possibilities.