The attackers were able to announce more specific prefixes than Amazon was announcing itself. It was like Amazon said "give me all phone calls for the 415 area code," and the attackers said "give me all calls for 415-555-xxxx." In internet routing, the most specific always wins (down to the minimum prefix size of /24 most networks filter on).
A commonly accepted mitigation for BGP hijacking is to announce the /24s of your important assets as well as the covering prefixes. An attacker's announcement of the same /24 will at worst capture _some_ of the traffic, rather than being seen as a more specific and capturing _all_ the traffic.
> The internet is fundamentally broken in this way; bad actors can cause disruption and woe for huge numbers of people. It's a giant problem, to be sure
So, now I guess we need people to explain how blockchain can solve this problem. /s
I'm not particularly surprised that the general media hasn't grasped the nuances of BGP; I just prefer to reserve jumping on Amazon for those moments where they, y'know... deserve it.
> The attackers were able to announce more specific prefixes than Amazon was announcing itself. It was like Amazon said "give me all phone calls for the 415 area code," and the attackers said "give me all calls for 415-555-xxxx." In internet routing, the most specific always wins (down to the minimum prefix size of /24 most networks filter on).
>
> A commonly accepted mitigation for BGP hijacking is to announce the /24s of your important assets as well as the covering prefixes. An attacker's announcement of the same /24 will at worst capture _some_ of the traffic, rather than being seen as a more specific and capturing _all_ the traffic.
So is this flaw Amazon's fault? I think not. Even your accepted mitigation doesn't fix the hole completely. It's still an internet problem.
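The longest-prefix-match behaviour and the /24 mitigation discussed in the comments above, as an added example that is not part of any post in this thread: it models route selection by prefix length only and audits which assets are covered solely by prefixes shorter than /24. The prefixes, origin labels and function names are constructed for illustration.

```python
import ipaddress

MIN_ACCEPTED_LEN = 24  # the /24 filter boundary mentioned in the thread (IPv4)

def best_routes(routes, dest):
    """Origins holding the longest accepted prefix that covers dest.

    More than one origin means prefix length alone did not pick a winner;
    real routers then fall back to other BGP attributes (not modelled)."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, origin in routes:
        net = ipaddress.ip_network(prefix)
        # Announcements longer than /24 are dropped, as most networks filter them.
        if net.prefixlen <= MIN_ACCEPTED_LEN and addr in net:
            matches.append((net.prefixlen, origin))
    if not matches:
        return set()
    longest = max(length for length, _ in matches)
    return {origin for length, origin in matches if length == longest}

def exposed_assets(own_prefixes, assets):
    """Assets whose longest covering own prefix is shorter than /24 (or that
    are not covered at all): a more-specific from elsewhere would win outright."""
    exposed = []
    for asset in assets:
        addr = ipaddress.ip_address(asset)
        lengths = [n.prefixlen for n in map(ipaddress.ip_network, own_prefixes) if addr in n]
        if not lengths or max(lengths) < MIN_ACCEPTED_LEN:
            exposed.append(asset)
    return exposed

# Constructed sample data from the 198.18.0.0/15 benchmarking range (RFC 2544).
OWNER_BEFORE = [("198.18.0.0/16", "owner")]
OWNER_AFTER = OWNER_BEFORE + [("198.18.5.0/24", "owner")]
OTHER = [("198.18.5.0/24", "other")]
ASSET = "198.18.5.10"

if __name__ == "__main__":
    print(best_routes(OWNER_BEFORE + OTHER, ASSET))    # covering /16 only
    print(best_routes(OWNER_AFTER + OTHER, ASSET))     # owner also announces the /24
    print(exposed_assets(["198.18.0.0/16"], [ASSET]))  # audit before mitigation
```

With only the covering /16 announced, the competing /24 is the sole best match; once the owner announces the same /24, prefix length ties and the outcome depends on per-network path selection, which matches the "some of the traffic" caveat in the thread.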
> So, now I guess we need people to explain how blockchain can solve this problem. /s
I literally laughed out loud the first time I saw it, too :)