Orange Spain faced a significant internet outage when a hacker infiltrated the company’s RIPE account, exploiting vulnerabilities in BGP routing and RPKI configuration. Border Gateway Protocol (BGP) is pivotal for internet traffic routing, allowing organisations to associate IP addresses with autonomous system (AS) numbers and share them with connected routers.
However, the incident showcased the vulnerability of BGP, as a malicious actor manipulated the AS number associated with Orange Spain’s IP addresses. This unauthorised configuration led to a redirection of traffic, causing disruption for ninety minutes.
RPKI: A Cryptographic Shield Against BGP Hijacking
To mitigate such risks, a standard known as Resource Public Key Infrastructure (RPKI) was introduced. RPKI acts as a cryptographic solution, certifying that only authorised routers under a network’s control can advertise an AS number and associated IP addresses. This prevents rogue networks from announcing IP ranges improperly.
The Anatomy of the Attack: A Brief Overview
The hacker, known as ‘Snow,’ gained access to Orange Spain’s RIPE account, prompting concerns about the security measures in place. The attacker manipulated AS numbers and implemented an invalid RPKI configuration, causing service disruption.
It was revealed that the breach likely occurred due to stolen credentials via information-stealing malware. The compromised credentials, including a weak password (‘ripeadmin’), were traced back to a malware infection on an Orange employee’s computer.
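The origin check that RPKI makes possible, and the effect of an unauthorised change to it as described in this section, shown as an added example that is not part of the original article or any Orange or RIPE tooling. It follows the route origin validation rules of RFC 6811; the prefixes and AS numbers are constructed from the documentation ranges, and the names ROA, validate_origin and routes_broken_by_change are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix the resource holder has signed for
    max_length: int  # longest prefix length that may be announced
    asn: int         # AS authorised to originate the prefix

def validate_origin(roas, prefix, origin_asn):
    """Classify an announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route only if the route lies inside the ROA prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: validating routers reject it.
    return "invalid" if covered else "not-found"

def routes_broken_by_change(old_roas, new_roas, announcements):
    """Own announcements that were valid before a ROA change and invalid after it."""
    return [
        (prefix, asn)
        for prefix, asn in announcements
        if validate_origin(old_roas, prefix, asn) == "valid"
        and validate_origin(new_roas, prefix, asn) == "invalid"
    ]

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
OWN_ASN = 64496
ANNOUNCEMENTS = [("192.0.2.0/24", OWN_ASN), ("198.51.100.0/24", OWN_ASN)]
ROAS_BEFORE = [ROA("192.0.2.0/24", 24, OWN_ASN), ROA("198.51.100.0/24", 24, OWN_ASN)]
# The same ROA set after an unauthorised edit: one ROA now names another origin AS.
ROAS_AFTER = [ROA("192.0.2.0/24", 24, 64511), ROA("198.51.100.0/24", 24, OWN_ASN)]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, f"AS{asn}", validate_origin(ROAS_AFTER, prefix, asn))
    print("broken by change:",
          routes_broken_by_change(ROAS_BEFORE, ROAS_AFTER, ANNOUNCEMENTS))
```

Run against a snapshot of a network's own ROAs and announcements, the second function gives an alert condition for changes made through the registry account: any non-empty result means a legitimate route has just become invalid.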
Securing the Future: Lessons Learned
Orange Spain has since restored its services, emphasising that customer data remained uncompromised. However, the incident underscores the need for robust security practices, including two-factor or multi-factor authentication, to thwart potential breaches.
RIPE conducted an investigation, restoring Orange’s account and urging users to update passwords and enable multi-factor authentication.
This incident highlights the critical importance of securing online infrastructure. Netcelero, a proud member of RIPE, encourages businesses of all sizes to prioritise security measures to safeguard against evolving cyber threats. Netcelero is committed to empowering organisations with innovative, cost-effective SaaS solutions for simplified and secure connectivity.
Get in touch with Netcelero’s trusted specialists today to discover more about maintaining a secure connection and protecting your network and assets.