I'm a professor at Tel Aviv University. I'm also a member of the Blavatnik Interdisciplinary Cyber Research Center. In this aspect, I fully agree with Professor Slay that cybersecurity is not only about technology, but it is also an interdisciplinary problem.
There are other aspects, such as the legal and social aspects, etc., and at the centre, we do this. We do interdisciplinary research. I'm also the CTO of a company called BGProtect, which is related to what I'm going to talk about.
I've studied Internet routing for over two decades. About 15 years ago, I started an academic project called DIMES, in which, using volunteers, we followed Internet routing around the world. At the peak of the project, we had 1,500 software agents running on volunteer machines in more than 40 nations around the world, so we got a very good picture of how Internet world routing behaves.
About four years ago, we took all this expertise and started BGProtect, which is a company that wants to help government and international institutions strengthen their security by monitoring the routing towards their networks in terms of what they had a fear of. Internet routing is a distributed protocol called BGP, and it is used to tell everybody where to find the servers or the clients on the Internet. However, when it was designed several decades ago, the Internet was very small and based on a lot of trust. Nobody was thinking about security.
About 10 years ago, a new type of attack came into the world: the IP hijack attack. Basically what you do in this attack is take the traffic between two end points and force it to go through your own network. By doing this, you form what is called a man-in-the-middle attack. These attacks are really.... These are large-scale attacks and are able to do a lot of things. Of course, if you get all the traffic passing through you, you can do espionage, or you can do what we call downgrade attacks and be able to insert Trojans into networks. You can penetrate networks. There are many types of attacks. This is why it is so dangerous. We have seen these attacks increasing in number throughout the years, especially in recent years.
We are here to look at these attacks. As a university professor, I'm doing research on this and have published a paper about this. Also, I do it as a company.
Now, when we look at these attempts, we see that these are not simple ones. They cannot be done by script kiddies. We're talking about government agencies and large criminal organizations doing these attacks, and we have to understand that this is not a dichotomy. There are governments using non-governmental bodies, and sometimes even criminal bodies, to do jobs that they want to distance themselves from. Think about the financial sector. It is especially targeted both by governments and of course by criminal organizations.
What can be done? One thing, of course, is to monitor your traffic to make sure that your flows of information won't go where they shouldn't go. This is obvious. This is something that we do at the company.
Another thing you need to do—and this is what we do also in Israel—is to set up CERTs. CERTs are what the Americans call fusion centres. They are organizations where, for governance in financial sectors, banks can share, in various levels of anonymity, data about attacks they are witnessing. This data can be distributed again—there are several levels of distribution—to other financial organizations, so that when there is an attack, such as a new virus, a new hijack attack or any other attack, data can be quickly shared with all the participants of the CERT in order to let them prepare for an attack that is going to come. This is very important. We do it in Israel. We have a national CERT and now we've also set up sectorial CERTs.
Finally, I cannot ignore the debate in Canada, in the U.K. and in the rest of the western world about equipment manufacturers. We know from the Snowden report that many American companies were collaborating with the U.S. government to get information from flows that they had.
There's no reason to believe that this is limited only to the U.S., and I would dare to say that in non-democratic countries it's probably happening even more often.
Now, when you have equipment, this equipment can be designed with vectors, with mechanisms, to sometimes divert traffic against what seems to be happening according to the routing protocol, so you have to monitor this type of equipment especially. We're talking about all sorts of telecommunications equipment, but especially routers. To do this, it's not enough to just look at the routing protocol, because here the diversion is done not through the routing protocol, but through the hardware itself. You need to do active monitoring.
This is something that we are doing. We've seen an increase in such attacks in the last two years. It's important not to limit ourselves to BGP but to also look at the actual data plane and where the packets are actually going, especially if you don't trust your equipment manufacturer.
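The two checks the speaker describes, watching the routing protocol for announcements that move a prefix to the wrong network, and separately watching the data plane to see where packets actually travel, can be sketched in code. The following is an added example written for this page; it is not code from BGProtect, DIMES or the speaker. All prefixes, AS numbers, announcements and traceroute hops are constructed sample values, and the expected-origin table stands in for whatever authoritative data (such as ROAs or an operator's own records) a real monitor would use.

```python
"""Control-plane and data-plane checks for spotting a prefix hijack.

Added example with constructed data: the AS numbers are from the
private range (64496-64511, 64666 as the "unexpected" network) and
the prefixes are documentation ranges (RFC 5737).
"""
import ipaddress
from dataclasses import dataclass

# Constructed: the origin ASes the operator expects for each prefix.
# A real deployment would take this from ROAs or an internal registry.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/24": {64501},
}


@dataclass
class BgpUpdate:
    prefix: str
    as_path: list  # AS numbers as seen from the monitor; last one is the origin


def classify_update(update, expected=EXPECTED_ORIGINS):
    """Return a verdict for one BGP announcement.

    "origin-hijack"        exact prefix announced by an unexpected origin
    "more-specific-hijack" a sub-prefix of a known prefix from an unexpected
                           origin (wins by longest-prefix match, so it is the
                           classic way to pull traffic off its normal path)
    "valid"                origin matches the expected set
    "unknown-prefix"       not a prefix we monitor
    """
    net = ipaddress.ip_network(update.prefix)
    origin = update.as_path[-1]
    if update.prefix in expected:
        return "valid" if origin in expected[update.prefix] else "origin-hijack"
    for covering, origins in expected.items():
        cnet = ipaddress.ip_network(covering)
        if net.version == cnet.version and net != cnet and net.subnet_of(cnet):
            return "valid" if origin in origins else "more-specific-hijack"
    return "unknown-prefix"


def data_plane_divergence(traceroute_asns, advertised_path):
    """Compare where packets actually went with what BGP advertised.

    traceroute_asns: AS number of each traceroute hop (None for hops that
    could not be mapped to an AS). advertised_path: the AS path learned from
    BGP for the destination. Any AS that appears on the wire but not in the
    advertised path is returned; a non-empty result means the forwarding
    path disagrees with the control plane, which is exactly the case where
    looking at BGP alone would show nothing wrong.
    """
    allowed = set(advertised_path)
    return [asn for asn in traceroute_asns
            if asn is not None and asn not in allowed]


def run_checks():
    """Run both checks over constructed sample data and return the findings."""
    updates = [
        BgpUpdate("203.0.113.0/24", [64510, 64500]),      # normal announcement
        BgpUpdate("203.0.113.0/24", [64510, 64666]),      # wrong origin
        BgpUpdate("203.0.113.128/25", [64510, 64666]),    # more-specific from wrong origin
        BgpUpdate("192.0.2.0/24", [64510, 64502]),        # prefix we do not track
    ]
    control_plane = [(u.prefix, classify_update(u)) for u in updates]

    # Constructed traceroute toward 203.0.113.0/24: BGP says 64510 -> 64500,
    # but the packets pass through 64666 on the way.
    advertised = [64510, 64500]
    observed_hops = [64510, None, 64666, 64500]
    data_plane = data_plane_divergence(observed_hops, advertised)

    return {"control_plane": control_plane, "data_plane": data_plane}


if __name__ == "__main__":
    findings = run_checks()
    for prefix, verdict in findings["control_plane"]:
        print(f"{prefix:20} {verdict}")
    print("unexpected ASes on the forwarding path:", findings["data_plane"])
```

The control-plane check alone would report the second and third announcements, but it says nothing about the traceroute case: the advertised path is clean while the packets still transit an unexpected network, which is the situation the speaker attributes to equipment rather than to the routing protocol. Running both checks, and alerting when either disagrees with the expected picture, is the practical meaning of monitoring the data plane as well as BGP.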