Diverting internet traffic can be quite profitable for hackers. A crime ring known as "3ve" hijacked over 1.5 million trusted IP addresses to rake in online advertising revenue.
Ars Technica reports:
In one of the most sophisticated uses of BGP hijacking yet, criminals used the technique to generate $29 million in fraudulent ad revenue, in part by taking control of IP addresses belonging to the US Air Force and other reputable organizations.
In all, "3ve," as researchers dubbed the ad fraud gang, used BGP attacks to hijack more than 1.5 million IP addresses over a 12-month span beginning in April 2017. The hijacking was notable for the precision and sophistication of the attackers, who clearly had experience with BGP—and a huge amount of patience.
A paper jointly published last month by Google and security firm White Ops agreed with the assessment that the systematic hijacking represents a major threat to a trustworthy Internet.
“Acquiring IP addresses this way is significant because it constitutes a particularly blatant form of fraud, used to corrupt large groups of IPs by interfering directly with an exterior routing protocol,” the paper, titled "The Hunt for 3ve," warned.