Amazon lost control of part of its IP space to a BGP hijack for the second time in 4 years. It took more than 3 hours for the cloud host to regain control, and in the meantime cybercriminals stole nearly $235,000 in cryptocurrency from customers of one of the affected users. Through the BGP hijack, the attackers took over more than 255 IP addresses. This kind of attack seeks out weaknesses in a core Internet protocol and exploits them for maximum effect.
BGP, the Border Gateway Protocol, is the technical mechanism used by the organizations that route Internet traffic. These organizations are known as autonomous systems (each identified by an Autonomous System Number, or ASN), and they use BGP to exchange routes with neighbouring networks. Despite its essential role in routing huge amounts of data around the world in real time, BGP relies largely on the Internet equivalent of word of mouth: an ASN's announcement that it controls a block of IP addresses is accepted on trust.
How Hackers Stole A Lot of Money
Autonomous system 209243, belonging to the UK-based network operator Quickhost.uk, last month announced that its infrastructure was the proper path for other ASNs to reach a /24 block of IP addresses that is part of AS16509, one of at least three ASNs operated by Amazon. The hijacked block contained the IP address for cbridge-prod2.celer.network, a subdomain that hosts the main user interface of the Celer Bridge cryptocurrency exchange.
Because many people are concerned about this incident, Bitcode Method has recently published news on it. As that site reports, on August 17 the hackers used the hijack to obtain a TLS certificate for cbridge-prod2.celer.network, having demonstrated to the certificate authority GoGetSSL in Latvia that they controlled the subdomain. With the certificate in hand, they deployed their own smart contract on the same domain, so that whenever people visited the real Celer Bridge page at cbridge-prod2.celer.network, their funds could be stolen. In total, $234,866.65 was taken from 32 accounts.
Amazon representatives have not yet commented on the incident. So far they have not responded to any email, so it is not yet clear how Amazon will address the issue; we will report any news on the matter as soon as we have it.
This Is Not The First Time
This is not the first time hackers have stolen funds by way of Amazon's address space. The platform suffered a similar BGP attack on its IP addresses 4 years ago, with considerable losses of digital coins. In 2018 Amazon's Route 53 domain name system service was hijacked, and more than $150,000 in cryptocurrency was stolen from MyEtherWallet.com account holders. Because the criminals used a self-signed TLS certificate, which requires victims to click through a browser warning, the damage was limited. Experts noted that had the hackers used a browser-trusted TLS certificate, the stolen amount would have been much higher.
After that attack, Amazon registered more than 5,000 of its prefixes in route origin authorizations (ROAs), public records that state which ASNs are entitled to announce a given block of IP addresses. By doing so, the platform was meant to be protected through the Resource Public Key Infrastructure (RPKI), which ties ASNs to the IP addresses they rightfully hold using digital certificates.
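To make the ROA mechanism concrete, here is an added example (not code from the article, Amazon, or any RPKI project) of route origin validation as a network monitor would apply it: each observed BGP announcement is checked against the signed ROAs and classified as Valid, Invalid or NotFound. The prefixes are constructed from RFC 5737 documentation ranges, AS64496 is a documentation ASN, and the ROA data is built inline; the only values taken from the article are the two ASNs (16509 as the legitimate holder, 209243 as the unauthorized origin).

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed example: Route Origin Validation in the style of RFC 6811.
# All prefixes are documentation ranges, not Amazon's real address blocks.


@dataclass(frozen=True)
class ROA:
    prefix: str       # address block the holder signed for, e.g. "198.51.100.0/24"
    max_length: int   # longest prefix length the holder permits to be announced
    origin_asn: int   # the ASN allowed to originate routes for this block


@dataclass(frozen=True)
class Announcement:
    prefix: str       # prefix seen in a BGP UPDATE
    origin_asn: int   # rightmost ASN in the AS_PATH, i.e. the claimed originator


def _covers(roa: ROA, net) -> bool:
    """True if the ROA's prefix contains the announced network (same IP version)."""
    roa_net = ipaddress.ip_network(roa.prefix)
    return net.version == roa_net.version and net.subnet_of(roa_net)


def validate(ann: Announcement, roas: Iterable[ROA]) -> str:
    """Classify one announcement as Valid, Invalid or NotFound.

    NotFound: no ROA covers the prefix, so RPKI says nothing about it.
    Valid:    a covering ROA names this origin AND allows this prefix length.
    Invalid:  ROAs cover the prefix but none matches (wrong origin or too specific).
    """
    net = ipaddress.ip_network(ann.prefix)
    covering = [r for r in roas if _covers(r, net)]
    if not covering:
        return "NotFound"
    for r in covering:
        if r.origin_asn == ann.origin_asn and net.prefixlen <= r.max_length:
            return "Valid"
    return "Invalid"


def find_hijacks(observed: Iterable[Announcement],
                 roas: Iterable[ROA]) -> List[Tuple[str, int, str]]:
    """Return (prefix, origin_asn, state) for every announcement that is Invalid.

    A monitor would run this over a route-collector feed for the blocks you hold;
    NotFound routes are not flagged because RPKI cannot say anything about them.
    """
    roas = list(roas)
    flagged = []
    for a in observed:
        state = validate(a, roas)
        if state == "Invalid":
            flagged.append((a.prefix, a.origin_asn, state))
    return flagged


# Constructed scenario: the holder (AS16509, as in the article) signs a ROA for a
# /24 documentation block. max_length == 24 means no more-specific is authorised.
ROAS = [ROA("198.51.100.0/24", 24, 16509)]

# Constructed route-collector view, in the order a monitor might see it.
OBSERVED = [
    Announcement("198.51.100.0/24", 16509),     # the legitimate route
    Announcement("198.51.100.0/24", 209243),    # same prefix, unauthorised origin
    Announcement("198.51.100.128/25", 209243),  # more-specific from the unauthorised origin
    Announcement("198.51.100.0/25", 16509),     # right origin, but longer than max_length
    Announcement("192.0.2.0/24", 64496),        # no ROA at all -> NotFound, not flagged
]

if __name__ == "__main__":
    for prefix, asn, state in find_hijacks(OBSERVED, ROAS):
        print(f"{state}: {prefix} originated by AS{asn}")
```

Two design points matter for defenders. First, a ROA only helps if the networks along the path actually drop Invalid routes; the classification above is what a validating router computes, but an operator that ignores it will still carry the hijacked /24. Second, `max_length` is a trade-off: leaving it equal to the prefix length means even the rightful holder's more-specific announcements are Invalid, while raising it lets an attacker who has obtained the right origin ASN in the path announce more-specifics that validate, so it should be set no wider than the prefixes the holder genuinely announces.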
Amazon is not the only platform to have suffered a BGP attack in the last decade; several other cloud operators have also lost control of their IP addresses. Sloppy configurations are often the main reason for being vulnerable to BGP attacks, and fraudulent incidents have been reported several times over the last few years. This is clearly an industry-wide problem, since operators do not know how to carry out security measures consistently, so Amazon alone cannot resolve it.
On the other hand, Amazon bears responsibility in this case and should explain to customers why it took three hours to solve the problem. As a tier-1 cloud provider that has now experienced two BGP attacks and heavy losses, Amazon should be able to build a plan to prevent such incidents in the future. Instead, it has been silent for 5 weeks, and the lack of any announcement on its part is concerning for the majority of users.
cryptonews.net