Network Security

BGP Hijacking and Software Distribution Security

BGP hijacking lets attackers reroute internet traffic at the network level, silently intercepting software downloads and updates. This is one of the most powerful yet overlooked supply chain attack vectors.

Nayan Dey
Security Engineer
7 min read

Border Gateway Protocol (BGP) is the routing protocol that holds the internet together. It determines how traffic flows between autonomous systems (ASes) -- the large networks operated by ISPs, cloud providers, and enterprises. BGP was designed in the late 1980s on the assumption that every participant could be trusted to announce only the address space it actually held. That assumption has not aged well.

BGP hijacking occurs when a network announces routes for IP prefixes it doesn't own, causing traffic destined for those prefixes to flow through the attacker's network instead. For software distribution, this is a nightmare scenario.

How BGP Hijacking Works

When a network operator wants to attract traffic for a set of IP addresses, they announce those prefixes to their BGP peers. Under normal conditions, only the legitimate owner of an IP prefix announces routes for it. In a hijack:

  1. The attacker announces a more specific prefix: If the legitimate owner announces 192.0.2.0/24, the attacker announces 192.0.2.0/25. Routers forward on the longest matching prefix, so the more specific route wins everywhere it propagates, regardless of how long its AS path is. In practice most transit networks discard IPv4 announcements longer than /24, so this variant works best against prefixes shorter than /24 (a /22 split into /23s, for example).
  2. The attacker announces the same prefix with a shorter AS path: When two routes for the same prefix compete, BGP (after local preference) prefers the shorter AS_PATH, so networks topologically closer to the attacker shift traffic to it while more distant networks keep the legitimate route.
  3. The attacker announces to strategically chosen peers: This can redirect traffic from specific geographic regions while leaving other regions unaffected.

The attacker can then inspect, modify, or selectively forward the traffic.
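The three mechanisms above come down to two steps of the BGP decision process: longest matching prefix first, then shortest AS_PATH. The following is an added example, not code from the original article or from Safeguard.sh, that models just those two steps over a constructed routing table (documentation prefixes, private AS numbers) and also shows the effect of the common "drop anything longer than /24" filter, which the article mentions only in passing. Local preference, MED and the remaining tie-breakers of a real router are deliberately left out.

```python
"""Toy BGP route selection showing why hijacked announcements win.

Added example, not from the original article. It models only two steps of the
real decision process: longest matching prefix, then shortest AS_PATH. Local
preference, MED, IGP cost and router-ID tie-breaks are omitted. The prefixes
are documentation ranges and the AS numbers are private ASNs, all constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: Tuple[int, ...]   # as received by our router; the origin AS is last

    @property
    def origin_as(self) -> int:
        return self.as_path[-1]


def best_route(dest: str, rib: List[Route], max_len: int = 32) -> Optional[Route]:
    """Return the route our router would use for dest.

    max_len models the widespread practice of discarding IPv4 announcements
    more specific than /24; pass max_len=24 to turn that filter on.
    """
    ip = ipaddress.IPv4Address(dest)
    candidates = [r for r in rib if r.prefix.prefixlen <= max_len and ip in r.prefix]
    if not candidates:
        return None
    # Step 1: the longest matching prefix wins outright, whatever its AS_PATH.
    longest = max(r.prefix.prefixlen for r in candidates)
    candidates = [r for r in candidates if r.prefix.prefixlen == longest]
    # Step 2: among equal-length prefixes, the shortest AS_PATH wins.
    return min(candidates, key=lambda r: len(r.as_path))


def route(prefix: str, *as_path: int) -> Route:
    return Route(ipaddress.IPv4Network(prefix), tuple(as_path))


def chosen_origin(rib: List[Route], dest: str = "192.0.2.10", max_len: int = 32) -> int:
    """Origin AS that receives traffic for dest, or -1 if dest is unreachable."""
    best = best_route(dest, rib, max_len)
    return best.origin_as if best else -1


# Constructed scenario: AS64500 legitimately originates 192.0.2.0/24 and its
# route reaches us through two transit ASes. AS64666 is the attacker and
# peers with us directly, so its announcements carry a one-hop path.
LEGIT = route("192.0.2.0/24", 64510, 64520, 64500)
MORE_SPECIFIC_HIJACK = route("192.0.2.0/25", 64666)
SAME_PREFIX_HIJACK = route("192.0.2.0/24", 64666)

if __name__ == "__main__":
    print("baseline:", chosen_origin([LEGIT]))                                              # 64500
    print("more-specific hijack:", chosen_origin([LEGIT, MORE_SPECIFIC_HIJACK]))             # 64666
    print("  with /24 filter:", chosen_origin([LEGIT, MORE_SPECIFIC_HIJACK], max_len=24))    # 64500
    print("  host outside the /25:", chosen_origin([LEGIT, MORE_SPECIFIC_HIJACK], "192.0.2.200"))  # 64500
    print("same-prefix, shorter path:", chosen_origin([LEGIT, SAME_PREFIX_HIJACK]))          # 64666
```

Two things worth noticing in the output: the /25 hijack captures only half of the victim's /24 (hosts in 192.0.2.128/25 keep using the legitimate route), which is exactly the selective targeting the article describes, and the /24 filter defeats the more-specific variant but does nothing against the same-prefix, shorter-path variant.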

The Software Distribution Problem

Software distribution relies heavily on the assumption that when you connect to a server, you're connecting to the right server. BGP hijacking breaks this assumption at the most fundamental level.

Package Registry Hijacking

Package registries like npm, PyPI, and Maven Central are reached over specific IP prefixes, usually those of the CDN fronting them. A BGP hijack of those prefixes could redirect npm install commands to an attacker-controlled server that serves modified packages. Because the registries speak HTTPS, the attacker also needs something that defeats TLS: a certificate obtained while holding the hijacked prefix, a client that does not validate certificates, or a registry configured over plain HTTP.

In April 2018, attackers hijacked prefixes used by Amazon's Route 53 DNS service for roughly two hours and answered DNS queries for myetherwallet.com with the address of a phishing site. The phishing site presented an untrusted certificate, yet enough users clicked through the browser warning for the attackers to steal funds. The same technique could target any package registry.

Update Server Interception

Operating systems, applications, and security tools all phone home for updates. These update servers have fixed IP addresses that can be targeted with BGP hijacks. During the hijack window, the attacker serves malicious updates. Update mechanisms that verify a signature on the update payload itself survive this; those that trust whatever the server returns do not.

CI/CD Pipeline Interception

Build pipelines download dependencies, container images, and tools from remote servers. A BGP hijack during a build window could inject malicious components into the build without touching the source code.

CDN Hijacking

Content delivery networks serve a huge portion of the internet's software downloads. CDN nodes are distributed globally and use BGP to attract traffic. Hijacking a CDN's BGP routes could affect thousands of software downloads simultaneously.

Notable BGP Hijacking Incidents

Pakistan YouTube Hijack (2008)

Pakistan Telecom attempted to block YouTube domestically by announcing a /24 inside YouTube's /22. Its upstream propagated the announcement globally, and because the /24 was more specific than YouTube's own route, YouTube became unreachable for most of the internet for around two hours. This demonstrated how easily BGP announcements can propagate beyond the network that made them.

Rostelecom Hijacking (2020)

Russian telecom operator Rostelecom announced more than 8,800 prefixes belonging to over 200 networks, including Google, Amazon, Facebook, Akamai, and Cloudflare. The hijack lasted for about an hour. While attributed to a configuration error, the incident showed that traffic for major software infrastructure could be redirected through a single network.

China Telecom Route Leaks

Multiple documented incidents have shown China Telecom announcing routes for US and European IP prefixes, causing traffic to route through Chinese networks. Research from the US Naval War College and Tel Aviv University documented systematic patterns in these announcements.

Cryptocurrency Hijacks

Multiple BGP hijacks have targeted cryptocurrency infrastructure, including the 2018 Route 53 hijack described above, which intercepted traffic to the MyEtherWallet service. These attacks demonstrate the financial motivation behind BGP abuse.

Why BGP Hijacking Is Hard to Detect

Several factors make BGP hijacking particularly insidious for supply chain attacks:

No authentication by default: BGP has no built-in mechanism to verify that a network is authorized to announce a given prefix. Any network can announce any route.

Propagation is fast: A malicious BGP announcement can propagate globally in minutes. By the time anyone notices, the damage may be done.

Selective targeting: Attackers can target specific geographic regions while leaving others unaffected. Your monitoring from one location might show everything is fine while another region is hijacked.

TLS is not a complete defense: TLS stops an attacker from passively reading hijacked traffic, but an attacker who holds a hijacked prefix can answer a certificate authority's domain-validation challenge (for example an HTTP-01 request) for hostnames in that prefix and be issued a perfectly valid certificate, or can simply rely on clients that skip certificate validation. CAA records and CAs that validate from multiple network vantage points reduce this risk but do not remove it.

Short duration: A hijack lasting just minutes during a critical build window can compromise dozens of builds.

Defenses Against BGP-Based Supply Chain Attacks

Resource Public Key Infrastructure (RPKI)

RPKI allows IP address holders to cryptographically certify which ASes are authorized to announce their prefixes, and up to what prefix length. Networks that perform Route Origin Validation against those Route Origin Authorizations (ROAs) will reject announcements whose origin AS or prefix length is not authorized. Two caveats matter in practice: ROV checks only the origin AS, so an attacker who announces the prefix with the legitimate origin AS appended to a forged path still passes, and a ROA with an unnecessarily long maxLength lets such a forged-origin announcement be made more specific and still validate.

Adoption is growing but still incomplete. As of 2021, roughly 30% of routes had ROAs, and only a fraction of networks dropped RPKI-invalid routes; both figures have risen since, but many networks still do not filter on validation state.
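The validation states RPKI produces, and the path-forgery and maxLength caveats, are easier to see in code. This is an added example, not part of the article and not code from any RPKI validator: it implements the RFC 6811 origin validation rule over a constructed ROA set (documentation prefix, private AS numbers) and runs the announcements from the article through it with both a tight and a sloppy maxLength.

```python
"""RPKI Route Origin Validation (RFC 6811) against a small ROA set.

Added example, not from the article and not code from any RPKI validator.
The ROAs, prefixes and AS numbers are constructed (documentation ranges and
private ASNs). A production validator obtains validated ROA payloads from
the RPKI repositories, typically over an RTR session, rather than hard-coding.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network
    max_length: int   # longest prefix the holder allows this AS to originate
    asn: int


def validate_origin(prefix: str, origin_as: int, roas: List[ROA]) -> str:
    """Return 'valid', 'invalid' or 'notfound' as defined in RFC 6811 section 2."""
    net = ipaddress.IPv4Network(prefix)
    covering = [r for r in roas if net.subnet_of(r.prefix)]
    if not covering:
        return "notfound"   # no ROA says anything about this space
    for r in covering:
        if r.asn == origin_as and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"        # covered by a ROA, but wrong origin or too specific


# Constructed ROA: AS64500 may originate exactly 192.0.2.0/24 (maxLength 24).
TIGHT_ROAS = [ROA(ipaddress.IPv4Network("192.0.2.0/24"), 24, 64500)]
# Same holder, but with a sloppy maxLength of 32, a common misconfiguration.
LOOSE_ROAS = [ROA(ipaddress.IPv4Network("192.0.2.0/24"), 32, 64500)]


def rov_outcomes(roas: List[ROA]) -> Dict[str, str]:
    """Validation state for the announcements discussed in the article."""
    return {
        "owner /24": validate_origin("192.0.2.0/24", 64500, roas),
        "attacker /24": validate_origin("192.0.2.0/24", 64666, roas),
        "attacker /25": validate_origin("192.0.2.0/25", 64666, roas),
        "owner /25": validate_origin("192.0.2.0/25", 64500, roas),
        "uncovered /24": validate_origin("198.51.100.0/24", 64666, roas),
    }


def forged_origin_state(roas: List[ROA], prefix: str = "192.0.2.0/24") -> str:
    """ROV only looks at the last AS in the path. An attacker that announces
    the prefix with AS_PATH (64666, 64500), pretending to be a neighbour of
    the real origin, produces a route whose origin ROV considers valid."""
    forged_path = (64666, 64500)
    return validate_origin(prefix, forged_path[-1], roas)


if __name__ == "__main__":
    for label, roas in (("tight maxLength", TIGHT_ROAS), ("loose maxLength", LOOSE_ROAS)):
        print(label, rov_outcomes(roas))
        print("  forged-origin /24:", forged_origin_state(roas))
        print("  forged-origin /25:", forged_origin_state(roas, "192.0.2.0/25"))
```

With the tight ROA every hijack from the article is marked invalid, but a forged path ending in the real origin AS is still valid; with maxLength 32 that forged-origin announcement can additionally be made more specific and win on longest-prefix match while remaining RPKI-valid. That is why guidance is to set maxLength to exactly the lengths you announce.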

BGP Monitoring

Services like BGPStream, RIPE RIS, and RouteViews provide real-time BGP data. Organizations can monitor for unexpected announcements of their IP prefixes and react quickly.

Set up alerts for:

  • New origin ASes for your prefixes.
  • More specific announcements covering your address space.
  • Path changes that route traffic through unexpected networks.
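The three alert conditions above can be checked against a baseline of what your own announcements should look like. This is an added example, not part of the article and not code from BGPStream, RIPE RIS or RouteViews: it evaluates a constructed, simplified update record (prefix, AS_PATH, collector peer) against the prefixes, origin ASes and upstreams you expect, and handles AS-path prepending so a legitimately prepended route does not trip the neighbour check. A real deployment would map RIS Live or BGPStream messages onto the same three fields.

```python
"""Alerting on suspicious announcements for prefixes you own.

Added example, not part of the article and not code from BGPStream, RIPE RIS
or RouteViews. It consumes a simplified, constructed update record (prefix,
AS_PATH, collector peer); a real deployment would map RIS Live or BGPStream
messages onto the same fields. Prefixes are documentation ranges and ASNs
are private, all constructed.
"""
import ipaddress
from typing import Dict, List, Set, Tuple


def squash_prepends(path: List[int]) -> List[int]:
    """Collapse AS_PATH prepending (64520 64520 64500 -> 64520 64500) so that
    a legitimately prepended path is not mistaken for an unexpected neighbour."""
    out: List[int] = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


class PrefixWatch:
    def __init__(self, my_prefixes: List[str], my_asns: Set[int], upstreams: Set[int]):
        self.prefixes = [ipaddress.IPv4Network(p) for p in my_prefixes]
        self.my_asns = my_asns        # ASes that legitimately originate our space
        self.upstreams = upstreams    # ASes expected to sit directly next to our origin

    def check(self, update: Dict) -> List[Tuple[str, str]]:
        """Return (alert_kind, detail) pairs for one announcement."""
        prefix = ipaddress.IPv4Network(update["prefix"])
        owned = [p for p in self.prefixes if prefix.subnet_of(p)]
        if not owned:
            return []                 # not our address space, nothing to say
        path = squash_prepends([int(a) for a in update["path"]])
        origin = path[-1]
        peer = update["peer_asn"]
        alerts: List[Tuple[str, str]] = []
        if origin not in self.my_asns:
            alerts.append(("NEW_ORIGIN", f"{prefix} originated by AS{origin}, seen via AS{peer}"))
        if any(prefix.prefixlen > p.prefixlen for p in owned):
            alerts.append(("MORE_SPECIFIC", f"{prefix} announced inside {owned[0]}"))
        if origin in self.my_asns and len(path) >= 2 and path[-2] not in self.upstreams:
            alerts.append(("UNEXPECTED_UPSTREAM", f"AS{path[-2]} adjacent to AS{origin} for {prefix}"))
        return alerts


def alert_kinds(watch: PrefixWatch, update: Dict) -> List[str]:
    return [kind for kind, _ in watch.check(update)]


# Constructed configuration and updates for AS64500, which originates
# 192.0.2.0/24 and buys transit only from AS64520.
WATCH = PrefixWatch(["192.0.2.0/24"], my_asns={64500}, upstreams={64520})
UPDATES = [
    {"prefix": "192.0.2.0/24", "path": [64510, 64520, 64500], "peer_asn": 64510},         # normal
    {"prefix": "192.0.2.0/24", "path": [64510, 64520, 64520, 64500], "peer_asn": 64510},  # prepended, normal
    {"prefix": "192.0.2.0/25", "path": [64666], "peer_asn": 64666},                       # more-specific hijack
    {"prefix": "192.0.2.0/24", "path": [64666, 64500], "peer_asn": 64666},                # forged path
    {"prefix": "198.51.100.0/24", "path": [64666], "peer_asn": 64666},                    # not ours
]

if __name__ == "__main__":
    for u in UPDATES:
        for kind, detail in WATCH.check(u):
            print(f"{kind}: {detail}")
```

The forged-path case is the one RPKI origin validation cannot catch, which is why the neighbour check is worth keeping even after you have deployed ROAs. Feed the checker with data from several collectors; as the article notes, a hijack can be visible from one region and invisible from another.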

Code Signing and Hash Verification

Since you can't fully trust the network path, verify packages at the application layer:

  • Signed packages: Use GPG signatures or similar mechanisms to verify package authenticity.
  • Hash pinning: Pin expected hashes for critical dependencies.
  • Reproducible builds: Verify that build outputs match expected results.

Network-Level Mitigations

  • Prefix filtering: Configure your network to only accept BGP announcements from expected peers for expected prefixes.
  • AS path filtering: Reject routes with suspicious AS paths.
  • BGPsec: An extension to BGP that cryptographically validates the AS path, not just the origin. Real-world deployment is close to nonexistent because every AS on the path must sign; the lighter-weight ASPA (Autonomous System Provider Authorization) records in RPKI are the path check currently being rolled out.

Redundant Download Sources

Don't rely on a single server or CDN for critical downloads. Use multiple sources reached over independent network paths and compare results. If the same package fetched from two independent networks has different hashes, something is wrong. Agreement between sources is not proof of integrity on its own, since a hijack can sit on the path to both; it complements, rather than replaces, a pinned hash or signature.
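Hash pinning from the Code Signing and Hash Verification section and the multi-source comparison described here fit naturally into one check. The following is an added example, not from the article or from Safeguard.sh: it parses pip-style `--hash=` pins, fetches an artifact from several sources, verifies each copy against the pin with a constant-time comparison and requires the copies to agree. The package bytes, the pin and both "sources" are constructed so it runs offline; in use each source would be an HTTP fetch over an independently routed network.

```python
"""Hash pinning plus cross-source comparison for downloaded artifacts.

Added example, not from the article. The pin syntax follows pip's
'name==version --hash=<alg>:<hex>' requirement lines. The package bytes, the
pin and both "sources" are constructed so the script runs offline; in use,
each source would be an HTTP fetch over an independently routed network.
"""
import hashlib
import hmac
from typing import Callable, Dict, List, Tuple

# Constructed pin file. The digest is sha256(b"abc"); in a real lockfile it is
# the hash recorded when the dependency was first vetted.
PIN_FILE = """
# one artifact per line, pip style
example-pkg==1.0 --hash=sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
"""


def parse_pins(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map 'name==version' to its allowed (algorithm, hexdigest) pairs."""
    pins: Dict[str, List[Tuple[str, str]]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        req, *opts = line.split()
        digests: List[Tuple[str, str]] = []
        for opt in opts:
            if opt.startswith("--hash="):
                alg, _, hexdigest = opt[len("--hash="):].partition(":")
                digests.append((alg.lower(), hexdigest.lower()))
        if not digests:
            raise ValueError(f"{req}: pinned without a hash")
        pins[req] = digests
    return pins


def matches_pin(data: bytes, allowed: List[Tuple[str, str]]) -> bool:
    """True if data matches any allowed digest; the comparison is constant-time."""
    return any(hmac.compare_digest(hashlib.new(alg, data).hexdigest(), want)
               for alg, want in allowed)


def fetch_verified(req: str, pins: Dict[str, List[Tuple[str, str]]],
                   sources: Dict[str, Callable[[], bytes]]) -> Dict[str, object]:
    """Fetch req from every source, verify each copy against the pin and
    require every copy to be byte-identical. Accept only if both hold."""
    verdicts: Dict[str, str] = {}
    copies: List[bytes] = []
    for name, fetch in sources.items():
        data = fetch()
        copies.append(data)
        verdicts[name] = "ok" if matches_pin(data, pins[req]) else "pin-mismatch"
    agree = all(c == copies[0] for c in copies)
    accepted = agree and all(v == "ok" for v in verdicts.values())
    return {"accepted": accepted, "sources_agree": agree, "verdicts": verdicts}


PINS = parse_pins(PIN_FILE)
GOOD = b"abc"          # constructed stand-in for the genuine package archive
TAMPERED = b"abd"      # constructed stand-in for a package served by a hijacker

HONEST = {"registry": lambda: GOOD, "mirror": lambda: GOOD}
ONE_PATH_HIJACKED = {"registry": lambda: GOOD, "mirror": lambda: TAMPERED}
BOTH_HIJACKED = {"registry": lambda: TAMPERED, "mirror": lambda: TAMPERED}

if __name__ == "__main__":
    for label, src in (("honest", HONEST), ("one path hijacked", ONE_PATH_HIJACKED),
                       ("both paths hijacked", BOTH_HIJACKED)):
        print(label, fetch_verified("example-pkg==1.0", PINS, src))
```

The third scenario is the instructive one: when the hijack sits on the path to both sources the copies agree with each other, so source comparison alone would pass the tampered package, and only the pinned hash rejects it.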

Internal Mirrors and Caching

Maintain internal mirrors of critical package registries and container registries. This reduces your exposure to BGP hijacking by ensuring that routine builds don't need to fetch from the internet. The mirror itself must verify upstream signatures or hashes when it syncs; otherwise a hijack during a sync window simply poisons the mirror for every build that follows.

Build Reproducibility

Reproducible builds allow you to verify that a given source produces a specific binary output. If a BGP hijack results in a modified dependency being used during a build, the output won't match the hash produced by an independent rebuild, provided that the reference build did not fetch its dependencies over the same hijacked path.

The Bigger Picture

BGP hijacking is a reminder that software supply chain security extends far beyond the code in your repositories. The network infrastructure that delivers software is itself a critical component of the supply chain. Attacks at this layer are rare but high-impact, and they're nearly impossible to detect with traditional application-level security tools.

Organizations that take supply chain security seriously need to think about the full path from source to deployment -- including the network layer.

The Industry Response

The MANRS (Mutually Agreed Norms for Routing Security) initiative promotes routing security best practices. Participation is growing, with over 800 network operators and 100 IXPs committed to implementing filtering, anti-spoofing, coordination, and global validation.

The US government has also begun taking BGP security seriously, with CISA publishing guidance on BGP risks and NIST developing a roadmap for BGP security improvements.

How Safeguard.sh Helps

Safeguard.sh provides application-layer verification that complements network-level defenses against BGP hijacking. By generating and continuously validating SBOMs, Safeguard.sh ensures that the components in your software match known-good versions, regardless of how they were delivered. If a BGP hijack results in tampered packages entering your build pipeline, Safeguard.sh's integrity verification and policy enforcement will catch the discrepancy. The platform's vulnerability scanning also detects when dependencies don't match their expected signatures, providing the verification layer that network routing alone cannot guarantee.
