1. What Melissa said. Big time. I’m not defending Michelle Obama, but Karl Rove is the scum of the Earth.
“It’s a huge issue. It’s at least as big an issue as the DNS issue, if not bigger,” said Peiter “Mudge” Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. “I went around screaming my head about this about ten or twelve years ago…. We described this to intelligence agencies and to the National Security Council, in detail.”
The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper’s network.
Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can’t always vacuum in traffic within a network — say, from one AT&T customer to another.
The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs.
Which is probably why no one in the government or private sectors did anything to kill the exploit.
4. Arthur Silber has the first part of a magnum opus that dissects the near-total (or perhaps total?) failure of our current political system that is a must read.