Digging into the Orange Espana Attack

This presentation will focus on the unprecedented cyber-attack on Orange España in January 2024, highlighting the novel misuse of the Resource Public Key Infrastructure (RPKI) to induce an outage.

We will explore the sequence of events leading to the service disruption, the attacker's strategy of publishing erroneous Route Origin Authorizations (ROAs), and the subsequent operational and security lessons for network operators. In particular what the incident tells us about how efficient RKPI is today, where we see a partial deployment on the Glocal Internet.

The presentation will be based on the work of Kentik’s Internet Analyst Doug Madory.