Full Report
Those pesky hackers! Alex Sotirov (of heap feng shui fame, famous for breaking everything from Vista, to web browsers, to Facebook) and Jacob Appelbaum (of cold-boot attack fame, and more importantly of “knuth is my homeboy” fame) will be talking in a few hours at the 25c3 conference in Germany, and by all accounts it's going to be an “Internet Breaker”. There is a fair bit of speculation on the nature of the bug (though most people seem confident that it's routing protocol related), and HD Moore has blogged that the pair have sought legal advice pre-publishing.
Analysis Summary
# Main Topic
Anticipation surrounding a presentation at the 25c3 conference by Alex Sotirov and Jacob Appelbaum, widely speculated to involve a critical vulnerability capable of disrupting internet infrastructure, potentially related to routing protocols.
## Key Points
- The presentation is highly anticipated and labeled an "Internet Breaker."
- Speculation strongly suggests the vulnerability is related to internet routing protocols.
- The researchers (Sotirov and Appelbaum) reportedly sought legal advice prior to the disclosure, indicating high severity.
- Alex Sotirov is known for past work on exploit techniques like "heap feng shui."
- Jacob Appelbaum is known for the "cold-boot attack."
## Threat Actors
- **Alex Sotirov:** Researcher known for past work in memory corruption exploits (associated with heap feng shui, breaking Vista, web browsers, and Facebook).
- **Jacob Appelbaum:** Researcher known for the cold-boot attack.
- *Note: These individuals are presenting research findings, not acting as malicious threat actors in this context, but their work details a significant potential threat vector.*
## TTPs
- The specific TTP is not explicitly detailed, but the focus is on compromising **"routing protocol related"** systems.
- Historical context mentions past theoretical attacks against the internet via BGP (Border Gateway Protocol) attacks, which may align with the nature of this new research, as suggested by the talk title tagline.
## Affected Systems
- Critical Internet Infrastructure.
- Routing protocols (specifically suspected to be BGP).
## Mitigations
- No concrete technical mitigations are provided in the source material, as the vulnerability details were not disclosed prior to the conference.
- The seeking of legal advice suggests the need for organizational preparedness for potential widespread impact.
## Conclusion
This intelligence indicates an impending, high-impact disclosure concerning critical internet infrastructure security, highly suspected to target routing protocols. Organizations managing internet backbone infrastructure should be on high alert following the 25c3 presentation and seek official details on the vulnerability and necessary patches immediately upon release.