The Rise of BGP Hijacking and Why You Need a Response Plan Immediately The primary consequence of this kind of attack is that hackers can reroute information to different locations.

By Deepak Gupta

Opinions expressed by Entrepreneur contributors are their own.

Border Gateway Protocol (BGP) Hijacking is one of the many famous attacks hackers deploy to interfere with content delivery networks (CDNs). Hackers may also be capable of interfering with cloud hosting providers. Recently, almost all major cloud service providers like Google, Amazon and GoDaddy have become victims of BGP Hijacking.

How does a BGP function?

Before getting into the depth of how BGP hijacking occurs, it is important to delve into BGP. BGP is essentially a routing protocol that can connect several networks. This congregation of networks is known as an Autonomous System (AS). A routing protocol is used to transfer information or data packets across several networks.

Typically, an AS consists of ISP providers, large tech enterprises, or in some cases, networks that belong to governments. Every AS receives a unique number responsible for controlling a specific set of IP ranges or spaces known as prefixes. Every AS displays the list of IP addresses they control and possible pathways to neighboring routers or Peers during data packet routing.

The information regarding the peers and the IPs in control are stored in routing tables and frequently change when new networks and shorter pathways appear.

Related: For the Average Hacker, Your Small Business Is an Ideal Target

The anatomy of a BGP hijacking

The primary consequence of BGP hijacking is that hackers can reroute information traveling through a network to different locations. They can do so using the following steps:

Route announcement

The first step is to send out an announcement of new BGP routes. This announcement will only be believable if it is announced by a legitimate AS. The bad actor will use a compromised AS to do so. The route announcement usually involves releasing a table of all the available prefixes or IP ranges. If all goes well, they will announce new BGP routes to their global network peers.

IP specificity

The IP addresses chosen for display are more specific in comparison to legitimate IP addresses. In most cases, hackers employ unused prefixes, or IP ranges present on real and legitimate AS networks. This can help to improve the chances of concealing the hackers' identity drastically.

The information pathway is only intercepted if the hackers can prove that the new route is shorter. The more efficient they show their network to be, the more information will be intercepted.

Crafting the right response plan

BGP hijacking is one of the more prevalent cyberattacks currently. In fact, in April 2018, attackers infiltrated Amazon Route 53. They then went on to reroute 1,300 addresses hoping to steal cryptocurrency. The hackers were able to avoid suspicion by acting as a cryptocurrency website known as They subsequently stole around $150,000 in cryptocurrency from end-users. Therefore, companies, both big and small, require a response plan to incapacitate the attacker.

A typical incident response attack after a BGP hijacking takes place can be far from easy. This is because of how hackers can conceal themselves. However, in most cases, companies carry out a three-step incident response plan.

These steps include detection, containment and eradication. Of these, the containment step is especially challenging, given that route announcements can take place rapidly.

Related: Crypto Hacker's Data Vulnerable to FBI Through Palantir Glitch

Preventing BGP hijacking

To prevent this cyberattack, companies will have to either rely on the measures put forward by their ISP or implement their security measures. The latter has to take place if the company owns the AS network.

Companies that depend on the security measures put forward by their ISPs will have to constantly contact the providers to ensure that the vulnerabilities within the network are eradicated.

In the second case, an organization should consider carrying out the following steps:

  • Create a peering policy that can help peers to determine the legitimacy of the IP addresses. A company has a choice between an open peering policy and a selective one depending on its needs from its network.

  • MANRS (Mutually Agreed Norms for Routing Security) is a collection of best practices organizations can utilize to protect their networks from BGP hijacking. Therefore, it is important to incorporate this in the security measures.

  • Restrict the number of prefixes or IP ranges displayed by an AS network to limit the number of announcements being made.

  • Implement authentication checkpoints through which an operator has to go through before accepting an announcement.

In addition to this, organizations also turn to route filtering, real-time BGP update checks and more to ensure that hackers cannot hijack the network. However, an automated response tool is the most impressive and accurate security measure that an organization can invest in. This tool will work as both a detector and mitigation tool to help prevent hijacking.

Although there has been a rise in cases of BGP hijacking in the past few years, organizations today are more equipped to handle it with the drastic enhancement of security options.

Related: 5 Types of Business Data Hackers Can't Wait to Get Their Hands On

Deepak Gupta

Entrepreneur Leadership Network® Contributor

CTO of LoginRadius

Deepak Gupta is a developer, tech entrepreneur and cybersecurity leader. Gupta is the co-founder and CTO of LoginRadius, a cloud-based consumer identity platform.

Editor's Pick

Related Topics

Side Hustle

Anyone Can Start a Passive Income Side Hustle For Easy Money — But Only If You Know These 5 Essential Tips First.

The rise of digital automation technology has made starting a passive income side hustle easier and more accessible than ever before.

Side Hustle

He Launched His Creative Side Hustle Out of a Garage. Now It's Worth $225 Million.

Tom Humble, CXO and founder of E.C.D. Automotive Design, followed his passion for custom auto design into big business.


Don't Just Babble on LinkedIn — You Need to Carve Out Your Own Niche. Here's Why.

To ultimately unlock the full potential of your LinkedIn experience, you need to establish yourself as a thought leader in a specific niche. This is why (and how).

Business News

This Company Promised to Transform Drive-Thrus With AI — But the Secret Powering Its Tech? Humans.

Presto Automation Inc., one of several major players in AI-ordering tech, has made headlines for using off-site employees in places like the Phillippines.


How to Start a 'Million Dollar' Morning Routine

Restructure your morning with a few simple steps that may help to amplify your energy.

Growing a Business

How an Executive Coach Can Help You Set Better Goals — And Transform Your Business

Ways to enhance your competitive advantage — and psychological wellbeing — with the assistance of a seasoned, results-focused professional.