Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

[...]

« It’s a huge issue. It’s at least as big an issue as the DNS issue, if not bigger, » said Peiter « Mudge » Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. « I went around screaming my head about this about ten or twelve years ago…. We described this to intelligence agencies and to the National Security Council, in detail. »

Revealed: The Internets Biggest Security Hole | Threat Level from Wired.com