by surround 82 days ago
The graphic that shows that a hijacker can route traffic to their malicious website is a little misleading. Since the SSL certificate would be invalid, browsers would block the connection and show a warning.

I guess the attack could still be used for denial of service.


Once you have control of the destination, you could get a valid SSL certificate with Let's Encrypt or whatever.

Wow, I'm surprised, you're right, and it has happened before:

> the attacker issued and registered a free temporary 3-month certificate for the developers[.]kakao.com domain through SSL certificate issuer called ZeroSSL. Because the routing policy was already manipulated by the BGP Hijacking, the attacker was able to register the certificate.

https://medium.com/s2wblog/post-mortem-of-klayswap-incident-...

You could mitigate this by monitoring certificate transparency logs for unwanted certificates issued for your domain.

Currently there are no good monitors though, aka the system is a bit broken.

It sounds like that one may have been the result of a "lawful intercept", so perhaps not necessarily BGP hijacking. If you have legitimate control of the ASN/network, it's not a hijack.
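
The certificate transparency monitoring suggested in the thread, sketched as an added example that is not part of any comment above: it flags logged certificates for a domain that the owner cannot account for. The entries are constructed and shaped like crt.sh's JSON output (the field names are an assumption), and the function names, `example.com`, and the serial inventory are hypothetical.

```python
import json

# Constructed sample entries; field names assumed to follow crt.sh's JSON output.
SAMPLE_CT_ENTRIES = json.loads("""[
 {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "www.example.com\\nexample.com", "serial_number": "0a01"},
 {"id": 2, "issuer_name": "C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA", "name_value": "developers.example.com", "serial_number": "0b02"},
 {"id": 3, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "*.example.com", "serial_number": "0c03"},
 {"id": 4, "issuer_name": "C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA", "name_value": "notexample.com", "serial_number": "0d04"}
]""")

def covers_domain(name, domain):
    """True if a certificate name is the domain, a subdomain, or a wildcard under it."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # Compare on a label boundary so "notexample.com" does not match "example.com".
    return name == domain or name.endswith("." + domain)

def issuer_org(issuer_name):
    """Pull the O= component out of an issuer DN (simplified: no commas inside values)."""
    for part in issuer_name.split(","):
        key, _, value = part.strip().partition("=")
        if key == "O":
            return value
    return ""

def unexpected_certs(entries, domain, expected_orgs, known_serials):
    """Return logged certificates for `domain` that the owner cannot account for."""
    alerts = []
    for e in entries:
        names = [n for n in e["name_value"].split("\n") if covers_domain(n, domain)]
        if not names:
            continue
        reasons = []
        if issuer_org(e["issuer_name"]) not in expected_orgs:
            reasons.append("unexpected issuer")
        # An issuer allowlist alone misses a rogue cert from the CA you already use.
        if e["serial_number"].lower() not in known_serials:
            reasons.append("serial not in inventory")
        if reasons:
            alerts.append({"id": e["id"], "names": names, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in unexpected_certs(SAMPLE_CT_ENTRIES, "example.com",
                                  {"Let's Encrypt"}, {"0a01"}):
        print(alert)
```

Entry 3 is the case an issuer allowlist would miss: it comes from the expected CA, so only the comparison against the owner's own record of issued serials catches it.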