What Is IP Hijacking?

Internet Protocol (IP) hijacking is a malicious form of computer security exploits. Individuals who engage in such exploits typically employ stealthy methods to conduct their covert activities. During IP hijacking, the disreputable person’s intention is to take over the rightful user’s Internet session by impersonating either the administrator or the client. If the hijacker takes over an administrator’s session, the client’s authentication information becomes exposed. When a client’s session is the target, the hijacker is able to disconnect the legitimate client and reroute his or her information, thus gaining access to private, personal details.

Several other terms are used to describe forms of IP hijacking, including prefix hijacking, route hijacking, and border gateway protocol (BGP) hijacking. All of these share the common theme of illegitimate take-overs of individual IP addresses or groups of IP addresses. These exploits range from attacks on personal networks all the way up to organizations and even government systems. The outcomes may vary from identity theft to breaches resulting in loss of critical data.

Prefixes are groups of individual IP addresses either owned or originated by an autonomous system (AS). Routes or routing tables connect these systems under the maintenance of border gateway protocol, which acts as the pathway for IP routing from one autonomous system to another. Any form of hijacking at any one of these points creates a security threat. The goal of IP hijacking may be spamming, distributed denial-of-service (DDoS) attacks, identity theft, or more malicious activity, such as exposing an organization’s or government’s confidential information and secrets.

Bogon filtering helps identify bogus IP addresses. These “empty space” or undesignated addresses are what IP hijackers typically use to carry out their malicious deeds. Filtering and identifying these bogus addresses gives users the opportunity to combat attempted IP hijacking.

Resource public key infrastructure (RPKI) is another security measure individuals and organizations may use to reduce vulnerability to IP hijacking. As a vigorous and secure framework, RPKI verifies IP addresses and their legitimate users through an electronic file called a resource certificate. The additional valuable function of a resource public key infrastructure is its ability to block IP hijacking attempts.

Individuals, companies, and government organizations can reduce the likelihood of becoming victims of IP hijacking by taking steps to protect their computer systems. Encrypted transport protocols produce secure session keys and channels, making it more difficult for hijackers to break in. Reducing vulnerabilities helps to close the door to computer security exploits.