BGP hijacks: the next generation stealthy Command and Control for botnets

Event Start
Event End
Location
Building 9, Level 2, Hall 1, Room 2322
Dr. Marc Dacier, Chair of the Digital Security department and a full Professor at Eurecom, France

Abstract

It is well known that malware spreading over the Internet aim at transforming vulnerable devices into bots that can be misused by attackers. These armies of bots constitute what is commonly called "botnets" and they are given tasks (such as spamming, dosing, etc..)  to do through a "command and control" infrastructure (C2C). Identifying and neutralizing these C2C has been the subject of an arms race between white and black hats for years. In this talk, we will briefly explain how C2C works and how they have been (and still are being) detected. We will then present some very strange results obtained when studying BGP announcements over a period of several years. BGP is the de facto standard for Internet routing.  BGP hijacks attacks seem to be happening routinely without anyone complaining about it. We will present the reasons why this could be happening and explore the possibility that this might be the symptoms of the activity of a brand new generation of C2C not discussed so far, an extremely stealthy and sophisticated one.  This still remains an open conjecture though that would require some more research to reach a positive, or negative, conclusion.

Brief Biography

Dr. Dacier is the chair of the Digital Security department and a full professor at Eurecom, France, since October 1st, 2017. He obtained his Ph.D. from INPT in 1994 from his work done at LAAS, CNRS, in Toulouse (France). Since then, he has had a balanced career between industry and academia. After his thesis, he worked for one year as a security consultant in Paris, France, for France Telecom and the French ministry of interior. In 1996, he joined IBM Research in Zurich (Switzerland) to create the Global Security Analysis Laboratory (GSAL). In 2002, he became a professor at Eurecom. In 2008, he joined Symantec to build its European Research Labs. Later, he spent two years in the USA to manage all the collaborative research projects, worldwide. In that role, he was in charge of teams in France, Ireland and in the United States. He was also the university relations manager for Symantec Research Labs, worldwide. In 2014, he became the director of the cybersecurity research group at QCRI, in Qatar, where he lived for 3 years. An internationally recognized expert in cybersecurity, Dr. Dacier has served on more than 120 program committees of all major security and dependability conferences and as a member of the editorial board of several top tier technical peer-reviewed journals.

Contact Person