Amazon is famous for providing cloud services to customers. And here, the tech giant had lost control to a number of its cloud service IP addresses for two hours.
Hackers have exploited Border Gateway Protocol, a known internet-protocol weakness that allowed them to redirect traffic from Amazon to their designated destinations. This is used by network operators to exchange large chunks of Internet
By subverting Amazon's services, the attackers masked their attack as cryptocurrency website MyEtherWallet.com.
And here they've managed to steal about $150,000 worth of digital coins from unsuspecting users.
What users saw, was unsigned SSL certificate, a broken link in the site’s verification. This was unusual, but most people apparently continued without hesitating. This made them vulnerable to those hackers.
Amazon lost control to about 1,300 IP addresses, said Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, an ISP that is known as autonomous system 10297.
The announcement made Hurricane Electric and also Hurricane Electric customers and other eNet peers to send traffic over the same unauthorized routes. And in this case, they are redirected to the 1,300 addresses belonged to Route 53, Amazon's domain name system service.
The peered networks were unaware of the situation, and they accepted these announcements and incorrectly directed "a small percentage of traffic for a single customer’s domain to the malicious copy of that domain."
This type of attack requires access to BGP routers are major ISPs and real computing resource process so much DNS traffic. Because it's difficult to carry out, this led to speculations that MyEtherWallet wasn't the only target.
Amazon denied that its service was hacked or compromised.
Amazon whose traffic is hijacked, has yet to have effective technical means to prevent such attacks.