View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
April 25, 2018

Amazon Cloud Services IP Addresses Hijacked

Hijackers used the attack to steal cryptocurrency

By CBR Staff Writer

Amazon lost control of 1,300+ Amazon Cloud Services IP address for two hours yesterday, when hackers used a Border Gateway Protocol (BGP)-hijacking to reroute traffic to rogue destinations.

The incident hijacked addresses belonging to Route 53, Amazon’s domain name system service, Internet Intelligence said on Twitter.

Those responsible used the hijack to steal $17 million in ETH alt-coins from online cryptocurrency website MyEtherWallet.com.

Amazon officials said: “Neither AWS nor Amazon Route 53 were hacked or compromised. An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer’s domain to the malicious copy of that domain.”

Old but Effective

MyEtherWallet.com said: “This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system. It can happen to any organization, including large banks. This is not due to a lack of security on the @myetherwallet platform. It is due to hackers finding vulnerabilities in public facing DNS servers. A majority of the affected users were using Google DNS servers. We recommend all our users to switch to Cloudflare DNS servers in the meantime.”

Engin Kirda, co-founder and chief architect at Lastline said: “Yet another BGP-hijacking attack. We have seen such attacks (or bugs) in the past and the incident reminds me of how Pakistan managed to redirect a lot of Youtube traffic back in 2008.”

He added: “What we are actually seeing is that the main routing infrastructure of the Internet in the last 10 years has not really changed and that such attacks are still possible today. Unfortunately, though, we are now faced with adversaries that are more motivated and that want to make a quick profit as the Amazon attack now demonstrates.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU