In a weeks-long stretch in 2014, hackers stole thousands of dollars a day in cryptocurrency from owners. In 2017, internet outages cropped up around the United States for hours. Last year, Google Cloud suffered hours of disruptions. Earlier this month, a large swath of European mobile data was rerouted through the state-backed China Telecom. And on Monday, websites and services around the world—including the internet infrastructure firm Cloudflare—experienced hours of outages. These incidents may sound different, but they actually all resulted from problems—some accidental, some malicious—with a fundamental internet routing system called the Border Gateway Protocol.

The web is distributed, but it's also interconnected. It needs to be so that data can move around worldwide without all being controlled by a single entity. So every time you load a website or send an email, BGP is the system responsible for optimizing the route that data takes across these sprawling, intertwined networks. And when it goes wrong, the whole internet feels it.

Infrastructure Weak

Originally conceived in 1989 (on two napkins), the version of BGP used today remains largely unchanged since 1994. And though BGP has scaled surprisingly well, there's no denying that the internet is very different than it was 25 years ago. In fact, the way BGP was designed introduces risk of outages, manipulations, and data interception—all of which have come to pass.

The internet's backbone routers—massive industrial nodes usually run by internet service providers, not the Linksys at your house—each control a set of IP addresses and routes. ISPs and other large organizations use BGP to announce these routes to the world and calculate paths. Think of it like planning a cross-country drive: You need to know the different route options in each area, so you can stop at all the right corn mazes and the world's largest rocking chair without adding too much extra driving each day. But if your GPS is outdated, you could wind up at a dead end or on a new road that totally bypasses the salt flats.

On the internet, it's crucial for data to get where it's supposed to go, yet BGP hinges on something a little bit slippery: trust. The protocol wasn't designed to independently verify the route claims of individual networks. If these so-called autonomous systems accidentally announce bad routes—or are hijacked to broadcast inaccurate routes—data flows start to back up or reroute in haphazard ways that can lead to connectivity issues. It's like if hackers set up detour signs, or changed street names, to put you on a path to your in-laws' house instead of a waterpark. And if an attacker crafts one of these diversions carefully, they can even potentially control the flow of data to intercept it.

"It's a protocol that was built with a trust-based mind-set," says Jérôme Fleury, director of network engineering for Cloudflare. "There was no security mechanism at the time; there was pretty much nothing except trust. And it worked actually pretty well for a lot of years. But the main issue right now is you find a lot of bad actors on the internet, and you will find bad actors that can actually operate routers now. And people are also prone to mistakes. So the question is, how do we move the needle from trust-based BGP routing to a framework that has authentication?"

BGP isn't the only historic internet system with trust issues. Another fundamental protocol, known as the Domain Name System, has dealt with similar issues. If BGP is the internet's navigational system, DNS is its address book. DNS hijacking has become a major security issue around the world, and the Department of Homeland Security even issued an emergency directive in January aimed at defending DNS accounts.