The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources

Authors: 

Tianxiang Dai, Fraunhofer Institute for Secure Information Technology SIT; Philipp Jeitner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt; Haya Shulman, Fraunhofer Institute for Secure Information Technology SIT; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt

Abstract: 

Internet resources form the basic fabric of the digital society. They provide the fundamental platform for digital services and assets, e.g., for critical infrastructures, financial services, government. Whoever controls that fabric effectively controls the digital society.

In this work we demonstrate that the current practices of Internet resources management, of IP addresses, domains, certificates and virtual platforms are insecure. Over long periods of time adversaries can maintain control over Internet resources which they do not own and perform stealthy manipulations, leading to devastating attacks. We show that network adversaries can take over and manipulate at least 68% of the assigned IPv4 address space as well as 31% of the top Alexa domains. We demonstrate such attacks by hijacking the accounts associated with the digital resources.

For hijacking the accounts we launch off-path DNS cache poisoning attacks, to redirect the password recovery link to the adversarial hosts. We then demonstrate that the adversaries can manipulate the resources associated with these accounts. We find all the tested providers vulnerable to our attacks.

We recommend mitigations for blocking the attacks that we present in this work. Nevertheless, the countermeasures cannot solve the fundamental problem - the management of the Internet resources should be revised to ensure that applying transactions cannot be done so easily and stealthily as is currently possible.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {274630,
author = {Tianxiang Dai and Philipp Jeitner and Haya Shulman and Michael Waidner},
title = {The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources},
booktitle = {30th {USENIX} Security Symposium ({USENIX} Security 21)},
year = {2021},
isbn = {978-1-939133-24-3},
pages = {3147--3164},
url = {https://www.usenix.org/conference/usenixsecurity21/presentation/dai},
publisher = {{USENIX} Association},
month = aug,
}

Presentation Video