Breach
2023
How 50% of telco Orange Spain’s traffic got hijacked — a weak password


Incident Details

Orange Spain faced a service interruption today caused by a BGP hijacking incident, which cut traffic from Orange Spain customers by around 50%. The perpetrator gained access to Orange's RIPE account, which is used to administer the company's internet IP addresses. Using details acquired from that account, the perpetrator applied a disruptive configuration that compromised BGP routing, the mechanism the network relies on to exchange traffic with other networks.

The perpetrator got in by exploiting a weak password on the RIPE account, which had been compromised since August of the previous year. Login credentials for access.ripe.net are traded in underground markets, which heightens the risk of similar attacks on other organizations and internet service providers throughout Europe. Orange Spain swiftly reverted the changes and restored service for its customers. This incident is not an isolated case, however; comparable security breaches are prevalent.

The key takeaways are that two-step verification should be enabled on RIPE accounts and that RIPE needs to enforce multifactor authentication consistently for all users. RIPE has launched an investigation and aims to mandate two-step verification and introduce a broader range of authentication mechanisms in the near future.

Incident

How Did the Breach Happen?

An intrusion took place when an unauthorized individual gained access to Orange's RIPE account by exploiting a password vulnerability.

What Data has been Compromised?

No specific data was compromised in the breach, but it led to a notable decrease in web traffic coming from customers in Orange Spain.

Why Did the Company's Security Measures Fail?

Inadequate security measures, namely a weak password on the RIPE account and the absence of two-step verification, resulted in the breach of the company's security.

What Immediate Impact Did the Breach Have on the Company?

The breach caused an immediate outage that impacted Orange Spain's services and reduced customer traffic by nearly half.

How could this have been prevented?

The breach could have been avoided by utilizing a robust password for the RIPE account and enforcing two-factor authentication as a required security protocol.

What have we learned from this data breach?

This breach underscores the significance of robust passwords and additional security protocols, like two-factor authentication, which safeguard against unauthorized entry and potential interruptions in services.

Summary of Coverage

A weak password enabled an unauthorized individual to access Orange Spain's RIPE account, resulting in a BGP hijacking and a subsequent service interruption. This breach emphasizes the importance of implementing strong security protocols, such as robust passwords and two-factor authentication, to mitigate the risk of unauthorized entry and safeguard against network disturbances.
