Massive Man-In-The-Middle Attack Routing Through Iceland

In a report released my security firm Renesys this Thursday, it has been discovered that nearly 80% of all internet traffic in the US is being routed through servers in Iceland, Russia, and Belarus. While many suspect this could be the work of the NSA, the nature of the attack suggests it is likely a criminal enterprise who is piggybacking on the systems put in place by the rogue agency, rather than the government themselves.

Whoever is doing it, is almost certainly up to no good. It seems likely that the attacks are for criminal purposes, rather than government espionage, but it certainly could be done either way. Renesys gives a few examples of the hijackings, starting with a brief one in February of this year, in which global traffic was redirected to an ISP in Belarus, where the traffic had no reason to be. Renesys gives a single example of a trace showing a packet supposedly going from Guadalajara, Mexico to Washington, DC… but with quite the detour:

“Instead, however, PCCW gives it to Level3 (previously Global Crossing), who is advertising a false Belarus route, having heard it from Russia’s TransTelecom, who heard it from their customer, Belarus Telecom. Level3 carries the traffic to London, where it delivers it to Transtelecom, who takes it to Moscow and on to Belarus. Beltelecom has a chance to examine the traffic, and then sends it back out on the “clean path” through Russian provider ReTN. ReTN delivers it to Frankfurt and hands it to NTT, who takes it to New York. Finally, NTT hands it off to Qwest/Centurylink in Washington DC, and the traffic is delivered.”



To prevent these kinds of attacks from happening to you, you should always employ the most up-to-date anonymity services such as PureVPN. PureVPN has been dedicated to users privacy for nearly half a decade, providing dozens of available servers and thousands of IP addresses for you to choose from whenever you want to connect to the net under a cloak of security secrecy.