There are a couple of ways.

The main one is called an Eclipse Attack in cyber circles, and it can be done at any entity operating at the ASN layer so long as they can position themselves to relay your traffic.

The adversary can invisibly (to victim PoV) modify traffic if they have a cooperating rootPKI cert (anywhere in the ecosystem) that isn't the originating content provider, so long as they recognize the network signature (connection handshake); solely by terminating encryption early.

Without a cert, you can still listen in with traffic analysis, the fetched traffic that's already been encrypted with their key (bit for bit), as known plaintext the math quickly reduces. SNI and a few other artifacts referencing the resources/sites are not part of the encrypted payload.

Its more commonly known in a crypto context, but that kind of attack can happen anywhere. It even works against TOR. One of the first instances (afaik) was disclosed by Princeton researches in 2015, under the Raptor paper.

▲

EE84M3i 9 days ago | parent | next [-]

I've studied and worked in computer security for over a decade and have never heard of an "eclipse attack" before. Is this blockchain specific terminology? It seems like an adversarial network partition?

▲

codethief 9 days ago | parent | next [-]

> It seems like an adversarial network partition

plus an MITM attack, if I understand correctly.

▲

trod1234 9 days ago | parent | prev [-]

I've been a SA Generalist for a decade, primarily in biopharma. This is the terminology the people I worked alongside used which included both Network and Computer Engineers.

It was explained to me that its just another version of MITM, the only difference is the number of resilient paths that need to be compromised. Eclipse type of attacks focus on compromising multiple nodes and most deal with breaking consensus algorithmic based software, which is quite common of blockchain, but that isn't the only place.

TL;DR In a single path graph you have MITM, in a N-path graph of connectivity you have Eclipse. Two heads of the same coin.

Loosely I guess it would be considered an adversarial network partition at the ASN/BGP level. For active attacks you'd have to broadcast improperly, but for regional attacks at the ASN level you just have to be positioned correctly passively. That's why the whole AT&T room for the NSA back in the day was such a big deal. A lot of these attacks have been known about for a long time.

For instance, the same kind of attack could easily be done by compromising firmware within 1-step away from edge devices (Modems/Routers/ISP TFTP servers).

Quite a lot of what was in the nationstate war-chest 10 years ago has been leaked, and is actively being used by non-state actors at this point.

Its mad how sophisticated things are now. On some campuses, its not unheard of to see drones flying by to hack the radio logitech keyboards of campus computers; where they try to drop malware OTA through a powershell or tty keyboard spawned terminal prompt. Crazy stuff.

▲

darkwater 8 days ago | parent [-]

> Its mad how sophisticated things are now. On some campuses, its not unheard of to see drones flying by to hack the radio logitech keyboards of campus computers; where they try to drop malware OTA through a powershell or tty keyboard spawned terminal prompt. Crazy stuff.

This is actually crazy indeed. At least you can still use corded keyboards or BT ones (until the day there is some 0-day on BT pairing...)

	▲	trod1234 7 days ago \| parent [-]
		> until the day there is some 0-day on BT pairing Early versions of BT that's already true. AFAIK, 4.2, 5, 6 are still safe. Though there has been a lot of activity I haven't followed this year wrt 4.2, so that may be dated.

▲

9 days ago | parent | prev [-]

[deleted]