hngopher.com

       [HN Gopher] Someone was breaking into Orange Spain RIPE account ...
       ___________________________________________________________________
        
       Someone was breaking into Orange Spain RIPE account (and break
       their /12)
        
       Author : j4nek
       Score  : 40 points
       Date   : 2024-01-03 19:20 UTC (3 hours ago)
        
 (HTM) web link (benjojo.co.uk)
 (TXT) w3m dump (benjojo.co.uk)
        
       | kinow wrote:
       | I was affected by that attack. After lunch here in Barcelona
       | several sites started to time out on Firefox: GitHub, Twitter,
       | Hacker News, Canva, DuckDuckGo. While others like Reddit, Google,
       | YouTube kept working.
       | 
       | Found via Twitter that others had already tried changing DNS
       | servers, and then did a tracepath and found that I couldn't reach
       | the resolved IP's. Thought it would have been a misconfiguration
       | of Orange. Then on Twitter (accessed via Orange mobile, which
       | funnily worked fine -- probably a different network?) I found a
       | thread of the people in Spain complaining about it, where someone
       | later replied with links to the RIPE account take-over tweet.
       | 
       | Took about 2-4 hours for the service to be fixed. Haven't fixed
       | any other issues so far. One of the articles pointed that it
       | could have been due to someone that was not using 2FA, but there
       | were no sources in that article.
       | 
       | EDIT: the article mentioned above
       | https://bandaancha.eu/articulos/secuestran-cuenta-ripe-orang...
        
       | londons_explore wrote:
       | What evil could one do with this?
        
         | WarOnPrivacy wrote:
         | Some years back, Russia hijacked a BGP belonging to a major
         | transit provider. For a few hours, international traffic was
         | rerouted thru Russian networks where it could be cloned (like
         | the NSA does in the states) and examined.
         | 
         | They could have been after something specific in the traffic
         | but my unqualified guess is that it was a test or they were
         | showing off.
        
       | SOLAR_FIELDS wrote:
       | For those like myself that are somewhat unfamiliar with what RIPE
       | is:
       | 
       | RIPE is the European equivalent of ARIN (the North American
       | regional authority of ISP addressing matters). They are sort of
       | like the postal/zoning agents of the internet in that they
       | oversee the distribution and management of IP address blocks.
       | ISPs like Orange Spain have a RIPE account that they use manage
       | their IP allocations, which is what was compromised.
        
       ___________________________________________________________________
       (page generated 2024-01-03 23:00 UTC)