One of Spain's biggest mobile carriers said it had restored services after a hacker caused an outage by manipulating crucial information about the company's internet infrastructure.
It was unclear if the internet outages directly affected the Madrid-based company's mobile phone service, but overall the internet-related outage lasted about three hours.
Cybersecurity experts who examined the incident marveled at some aspects of it.
Reports said that the initial breach was to the company's account on RIPE, the regional internet register for Europe.
First reported by BleepingComputer, the breach was claimed by a hacker who boasted of the attack on Twitter.
The attacker shared images of their administrative account access, and Orange España even responded to the tweet, acknowledging that it was addressing the issue.
With access to the RIPE account, the hacker was able to disrupt how Orange's internet addresses appeared to the Border Gateway Protocol, a cornerstone for the handling of global digital traffic.
BGP is essentially a set of rules that help determine the best routes for data.
More specifically, the hacker changed the autonomous system number associated with Orange's IP addresses.
When assigned properly, AS numbers allow networks to exchange information with the rest of the internet.
The attacker created an invalid Resource Public Key Infrastructure configuration for Orange.
RPKI is supposed to help secure BGP routing, but in this incident, the hacker used it to ensure that the switch to the AS number led to problems.
Internet access monitor Cloudflare said it observed a massive disruption to Orange's internet access and a 50% decrease in traffic.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.
Joe Warminsky is the news editor for Recorded Future News.
He has more than 25 years experience as an editor and writer in the Washington, D.C., area.
Most recently he helped lead CyberScoop for more than five years.
Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.
This Cyber News was published on therecord.media. Publication date: Thu, 04 Jan 2024 16:10:29 +0000