The ease of fraudulently manipulating the BGP system has long been recognized as a key weak point in Internet security. The Hacking Team e-mails (1, 2, 3, 4, 5, 6, 7, 8, and 9) move that risk out of the theoretical and into the practical. It also underscores the need for universal norms to be observed by service providers and for enforceable penalties when they’re breached.
“In general, the issue is that BGP is the underlying system for directing Internet traffic around the world and there is presently nothing to stop an entity from announcing another entity’s IP address space—effectively impersonating it,” Madory wrote in an e-mail. “These techniques can be used to intercept or manipulate the contents of affected Internet traffic or simply to ‘blackhole’ traffic.”