{"id":23971,"date":"2024-01-09T12:51:30","date_gmt":"2024-01-09T12:51:30","guid":{"rendered":"https:\/\/blog.lacnic.net\/?p=23971"},"modified":"2024-01-09T15:07:04","modified_gmt":"2024-01-09T15:07:04","slug":"digging-into-the-orange-espana-hack","status":"publish","type":"post","link":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/","title":{"rendered":"Digging into the Orange Espa\u00f1a Hack"},"content":{"rendered":"\n

By Doug Madory<\/a> – Director of Internet Analysis at Kentik<\/p>\n\n\n\n

Originally published in Kentik Blog<\/a> on January 4, 2024<\/p>\n\n\n\n

Summary<\/p>\n\n\n\n

Orange Espa\u00f1a, Spain\u2019s second largest mobile operator, suffered a major outage on January 3, 2024. The outage was unprecedented due to the use of RPKI, a mechanism designed to protect internet routing security, as a tool for denial of service. In this post, we dig into the outage and the unique manipulation of RPKI.<\/p>\n\n\n\n

\n\n\n\n

On January 3, 2024, Spain\u2019s second largest mobile operator, Orange Espa\u00f1a, experienced a national outage<\/a> spanning multiple hours. The cause? A compromised password and an increasingly robust routing system. Turns out that the network operator\u2019s favorite defense tool (RPKI) can be a double-edged sword.<\/p>\n\n\n\n

Using a password found in a public leak<\/a> of stolen credentials, a hacker was able to log into Orange Espa\u00f1a\u2019s RIPE NCC portal using the password \u201cripeadmin.\u201d Oops!<\/em> Once in, this individual began altering Orange Espa\u00f1a\u2019s RPKI configuration, rendering many of its BGP routes RPKI-invalid.<\/p>\n\n\n\n

As demonstrated in our earlier analysis<\/a>, the internet\u2019s RPKI ROV deployment has reached the point where the propagation of a route is cut in half or more<\/em> when evaluated as RPKI-invalid. Normally this is desired behavior, but when an RPKI config is intentionally loaded with misconfigured data, it can render address space unreachable, effectively becoming a tool for denial of service.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Using Kentik\u2019s aggregate NetFlow, we observed the outage (illustrated above) as a large drop of the volume of inbound traffic to Orange Espa\u00f1a (AS12479) between 14:20 UTC (3:20pm local) and 18:00 UTC (7pm local). However, there were more developments prior to this window of time as well as some lingering effects, which we will dig into in the post below.<\/p>\n\n\n\n

What happened?<\/p>\n\n\n\n

We already know the outage took place and how the attacker pulled it off. Now let\u2019s trace the sequence of events using archived RPKI data from RPKIviews<\/a>.<\/p>\n\n\n\n

The story begins at 09:28 UTC on January 3, when someone (presumably the attacker) began tinkering with publishing and revoking ROAs for IP ranges belonging to the Spanish mobile operator. Then, at 09:42 UTC they published three new ROAs for Orange Espa\u00f1a IP ranges with material impact.<\/p>\n\n\n\n

Origin     prefix         maxLength ta   expiration\nAS12479    93.117.88.0\/22 22        ripe 1704355258\nAS12479    93.117.88.0\/21 21        ripe 1704355258\nAS12479    149.74.0.0\/16  16        ripe 1704355258<\/code><\/pre>\n\n\n\n
Source<\/a><\/p>\n\n\n\n
Given the fact that 93.117.88.0\/22, 93.117.88.0\/21, and 149.74.0.0\/16 were all already originated by AS12479, those routes weren\u2019t affected, but 149.74.0.0\/16 had quite a few more-specifics that were now going to be evaluated as RPKI-invalid due to the max prefix length setting of 16.<\/p>\n\n\n\n
Perhaps realizing this, minutes later, that someone published a slew of additional ROAs to account for the more-specifics of 149.74.0.0\/16. These had the proper origin (AS12479) and as a result, all of those more-specifics became valid. All but one, that is.<\/p>\n\n\n\n
Origin    prefix            maxLength  ta    expiration\nAS12479   149.74.100.0\/23   23         ripe  1704355258\nAS12479   149.74.102.0\/23   23         ripe  1704355258\nAS12479   149.74.104.0\/23   23         ripe  1704355258\nAS12479   149.74.106.0\/23   23         ripe  1704355258\nAS12479   149.74.108.0\/23   23         ripe  1704355258<\/code><\/pre>\n\n\n\n
(and many more)<\/p>\n\n\n\n
Using Kentik\u2019s BGP visualization, we can compare the impact in reachability (aka propagation) for two adjacent more-specifics of 149.74.0.0\/16. Shown below, 149.74.172.0\/22 was the route missed in that follow-up publication of ROAs. Its reachability dropped for over four hours to as little as 20% of our BGP sources.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Conversely, the rest of the more-specifics looked like 149.74.168.0\/22 below: a brief partial drop in reachability between the first and second publications of ROAs mentioned above.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Although these prefixes were RPKI-invalid for several minutes, they only experienced a partial drop in reachability due to delays in the time to globally propagate ROAs, as documented in recent research on the topic<\/a>. The act of blotting out a newly RPKI-invalid route is not instantaneous.<\/p>\n\n\n\n
Wielding RPKI as a weapon<\/p>\n\n\n\n
Then the attacker took it a step further by creating ROAs with an origin other than that of Orange Espa\u00f1a\u2019s. About the same time those additional ROAs were published covering the more-specifics of 149.74.0.0\/16, four new ROAs were created for Orange Espa\u00f1a IP space with a deliberately incorrect origin of AS49581.<\/p>\n\n\n\n
Origin    prefix           maxLength  ta     expiration\nAS49581   149.74.0.0\/16    16         ripe   1704355258\nAS49581   1.178.232.0\/21   21         ripe   1704355258\nAS49581   145.1.240.0\/20   20         ripe   1704355258\nAS49581   62.36.0.0\/16     16         ripe   1704355258<\/code><\/pre>\n\n\n\n
The addition of the bogus ROA for 149.74.0.0\/16 had no effect because the attacker had previously created a ROA with the correct origin (AS12479) \u2014 as long as one ROA matches, a route is evaluated as RPKI-valid.<\/p>\n\n\n\n
145.1.240.0\/20 and 1.178.232.0\/21 were only briefly invalid before the attacker published ROAs with correct origins.<\/p>\n\n\n\n
Origin    prefix          maxLength  ta     expiration\nAS12479   145.1.240.0\/20  20         ripe   1704355258\nAS12479   1.178.232.0\/21  21         ripe   1704355258<\/code><\/pre>\n\n\n\n
Only 62.36.0.0\/16 (shown below) and its numerous more-specifics were rendered RPKI-invalid and had their reachability reduced for the duration of the outage due to the ROAs with bogus origins.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Thus far in the story, the attacker\u2019s tinkering has led to the creation of a couple of RPKI-invalid routes and some minor reachability problems, but the major disruption was yet to come.<\/p>\n\n\n\n
It wasn\u2019t until about 14:20 UTC (3:20pm local) that things got ugly. The attacker went for it and published four more ROAs with bogus origins. Two of the ROAs were \/12\u2019s which covered over a thousand routes originated by AS12479 \u2014 all rendered RPKI-invalid by the publication of the following ROAs:<\/p>\n\n\n\n
Origin    prefix          maxLength  ta     expiration\nAS49581   85.48.0.0\/12    12         ripe   1704355258\nAS49581   90.160.0.0\/12   12         ripe   1704355258\nAS49581   93.117.88.0\/21  21         ripe   1704355258\nAS49581   145.1.232.0\/21  21         ripe   1704355258<\/code><\/pre>\n\n\n\n
It was here when the traffic graph at the beginning of this blog post began to take a nose dive. The number of globally routed routes originated by AS12479 dropped from around 9,200 to 7,400, as backbone carriers which reject RPKI-invalid routes stopped carrying a large chunk of Orange Espa\u00f1a\u2019s IP space.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Reachability of 145.1.232.0\/21 during the worst part of the outage.<\/p>\n\n\n\n
It wasn\u2019t until just before 18:00 UTC (7pm local) that things began to return to normal. Engineers from Spain\u2019s second largest mobile operator regained control of their RIPC NCC account and began publishing new ROAs that would enable the carrier to restore service.<\/p>\n\n\n\n
Origin    prefix          maxLength   ta     expiration\nAS12479   85.48.0.0\/12    12          ripe   1704384768\nAS12479   90.160.0.0\/12   12          ripe   1704384768\nAS12479   62.36.0.0\/16    16          ripe   1704384768\nAS12479   93.117.88.0\/21  21          ripe   1704384768\nAS12479   145.1.232.0\/21  21          ripe   1704384768\nAS12479   93.117.92.0\/22  22          ripe   1704384768\nAS12479   62.36.21.0\/24   24          ripe   1704384768<\/code><\/pre>\n\n\n\n
Conclusion<\/p>\n\n\n\n
While RPKI was employed as a central instrument of this attack, it should not be construed as the cause of the outage any more than we would blame a router if an adversary were to get ahold of the login credentials and start disabling interfaces.<\/p>\n\n\n\n
It seems that prior to January 3, the Spanish mobile operator\u2019s RIPE NCC account had never created a ROA (although other parts of Orange had created some on its behalf). If RPKI wasn\u2019t on Orange Espa\u00f1a\u2019s radar before, it sure is now.<\/p>\n\n\n\n
Although the outage is over, there is still a lot of clean-up work to be done. As of this writing, over a thousand of the routes originated by AS12479 are still invalid, mostly due to the max prefix length setting on the ROAs for the two \/12\u2019s. Between yesterday and today, the number of unique IPv4 addresses originated by AS12479 dropped from 7 million to 5 million, and a few bogus ROAs with an origin of AS49581 are still in circulation.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
One of over a thousand newly RPKI-invalid routes still originated by AS12479.<\/p>\n\n\n\n
I would remind those engineers cleaning up the ROAs that max prefix length is an optional field and can simply be left empty causing RPKI to only match on the origin of the ROA. This course of action was recently published as a best current practice<\/a>.<\/p>\n\n\n\n
RIPE NCC, the RIR<\/a> responsible for managing the allocation and registration of internet number resources (IP addresses and ASNs) in Europe, has launched an investigation<\/a> into the incident.<\/p>\n\n\n\n
Hopefully this incident can serve as a wake-up call to other service providers that their RIR portal account is mission-critical and needs to be protected by more than a simple password.<\/p>\n\n\n\n
The views expressed are those of the authors of this blog post and do not necessarily reflect the views of LACNIC.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"
By Doug Madory – Director of Internet Analysis at Kentik Originally published in Kentik Blog on January 4, 2024 Summary Orange Espa\u00f1a, Spain\u2019s second largest mobile operator, suffered a major outage on January 3, 2024. The outage was unprecedented due to the use of RPKI, a mechanism designed to protect internet routing security, as a tool for denial […]<\/p>\n","protected":false},"author":6,"featured_media":23992,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1327],"tags":[1292],"archivo":[1345,1451],"taxonomy-authors":[1418],"tipo_autor":[],"class_list":["post-23971","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-interconnection","tag-interconnection","archivo-editions","archivo-highlights-2023","taxonomy-authors-doug-madory-en"],"acf":{"author":"Doug Madory\u00a0- Director of Internet Analysis at Kentik","related_notes":""},"yoast_head":"\nLACNIC Blog | Digging into the Orange Espa\u00f1a Hack<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LACNIC Blog | Digging into the Orange Espa\u00f1a Hack\" \/>\n<meta property=\"og:description\" content=\"By Doug Madory – Director of Internet Analysis at Kentik Originally published in Kentik Blog on January 4, 2024 Summary Orange Espa\u00f1a, Spain\u2019s second largest mobile operator, suffered a major outage on January 3, 2024. The outage was unprecedented due to the use of RPKI, a mechanism designed to protect internet routing security, as a tool for denial […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/\" \/>\n<meta property=\"og:site_name\" content=\"LACNIC Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/lacnic\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-09T12:51:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-09T15:07:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Gianni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@lacnic\" \/>\n<meta name=\"twitter:site\" content=\"@lacnic\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/\"},\"author\":{\"name\":\"Gianni\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab\"},\"headline\":\"Digging into the Orange Espa\u00f1a Hack\",\"datePublished\":\"2024-01-09T12:51:30+00:00\",\"dateModified\":\"2024-01-09T15:07:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/\"},\"wordCount\":1219,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/blog.lacnic.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png\",\"keywords\":[\"Interconnection\"],\"articleSection\":[\"Interconnection\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/\",\"url\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/\",\"name\":\"LACNIC Blog | Digging into the Orange Espa\u00f1a Hack\",\"isPartOf\":{\"@id\":\"https:\/\/blog.lacnic.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png\",\"datePublished\":\"2024-01-09T12:51:30+00:00\",\"dateModified\":\"2024-01-09T15:07:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage\",\"url\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png\",\"contentUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png\",\"width\":680,\"height\":330},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/blog.lacnic.net\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Digging into the Orange Espa\u00f1a Hack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.lacnic.net\/#website\",\"url\":\"https:\/\/blog.lacnic.net\/\",\"name\":\"LACNIC Blog\",\"description\":\"En el Blog de LACNIC encontrar\u00e1s art\u00edculos t\u00e9cnicos vinculados al desarrollo de Internet en la regi\u00f3n de Am\u00e9rica Latina y el Caribe.\",\"publisher\":{\"@id\":\"https:\/\/blog.lacnic.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.lacnic.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/blog.lacnic.net\/#organization\",\"name\":\"LACNIC Blog\",\"url\":\"https:\/\/blog.lacnic.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg\",\"contentUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg\",\"caption\":\"LACNIC Blog\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/lacnic\",\"https:\/\/x.com\/lacnic\",\"https:\/\/www.instagram.com\/lacnic\/?hl=es-la\",\"https:\/\/uy.linkedin.com\/company\/lacnic\",\"https:\/\/www.youtube.com\/user\/lacnicstaff\",\"https:\/\/www.lacnic.net\/podcast\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab\",\"name\":\"Gianni\",\"url\":\"https:\/\/blog.lacnic.net\/en\/author\/gianni\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LACNIC Blog | Digging into the Orange Espa\u00f1a Hack","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/","og_locale":"en_US","og_type":"article","og_title":"LACNIC Blog | Digging into the Orange Espa\u00f1a Hack","og_description":"By Doug Madory – Director of Internet Analysis at Kentik Originally published in Kentik Blog on January 4, 2024 Summary Orange Espa\u00f1a, Spain\u2019s second largest mobile operator, suffered a major outage on January 3, 2024. The outage was unprecedented due to the use of RPKI, a mechanism designed to protect internet routing security, as a tool for denial […]","og_url":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/","og_site_name":"LACNIC Blog","article_publisher":"https:\/\/facebook.com\/lacnic","article_published_time":"2024-01-09T12:51:30+00:00","article_modified_time":"2024-01-09T15:07:04+00:00","og_image":[{"width":680,"height":330,"url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png","type":"image\/png"}],"author":"Gianni","twitter_card":"summary_large_image","twitter_creator":"@lacnic","twitter_site":"@lacnic","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#article","isPartOf":{"@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/"},"author":{"name":"Gianni","@id":"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab"},"headline":"Digging into the Orange Espa\u00f1a Hack","datePublished":"2024-01-09T12:51:30+00:00","dateModified":"2024-01-09T15:07:04+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/"},"wordCount":1219,"commentCount":0,"publisher":{"@id":"https:\/\/blog.lacnic.net\/#organization"},"image":{"@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png","keywords":["Interconnection"],"articleSection":["Interconnection"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/","url":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/","name":"LACNIC Blog | Digging into the Orange Espa\u00f1a Hack","isPartOf":{"@id":"https:\/\/blog.lacnic.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage"},"image":{"@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png","datePublished":"2024-01-09T12:51:30+00:00","dateModified":"2024-01-09T15:07:04+00:00","breadcrumb":{"@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#primaryimage","url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png","width":680,"height":330},{"@type":"BreadcrumbList","@id":"https:\/\/blog.lacnic.net\/en\/digging-into-the-orange-espana-hack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/blog.lacnic.net\/en\/"},{"@type":"ListItem","position":2,"name":"Digging into the Orange Espa\u00f1a Hack"}]},{"@type":"WebSite","@id":"https:\/\/blog.lacnic.net\/#website","url":"https:\/\/blog.lacnic.net\/","name":"LACNIC Blog","description":"En el Blog de LACNIC encontrar\u00e1s art\u00edculos t\u00e9cnicos vinculados al desarrollo de Internet en la regi\u00f3n de Am\u00e9rica Latina y el Caribe.","publisher":{"@id":"https:\/\/blog.lacnic.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.lacnic.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/blog.lacnic.net\/#organization","name":"LACNIC Blog","url":"https:\/\/blog.lacnic.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/","url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","caption":"LACNIC Blog"},"image":{"@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/lacnic","https:\/\/x.com\/lacnic","https:\/\/www.instagram.com\/lacnic\/?hl=es-la","https:\/\/uy.linkedin.com\/company\/lacnic","https:\/\/www.youtube.com\/user\/lacnicstaff","https:\/\/www.lacnic.net\/podcast"]},{"@type":"Person","@id":"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab","name":"Gianni","url":"https:\/\/blog.lacnic.net\/en\/author\/gianni\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/01\/interconexion-2023.png","jetpack_sharing_enabled":true,"wpml_current_locale":"en_US","wpml_translations":[{"locale":"es_ES","id":24029,"post_title":"An\u00e1lisis del ataque a Orange Espa\u00f1a","slug":"analisis-del-ataque-a-orange-espana","href":"https:\/\/blog.lacnic.net\/analisis-del-ataque-a-orange-espana\/"}],"_links":{"self":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/23971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/comments?post=23971"}],"version-history":[{"count":17,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/23971\/revisions"}],"predecessor-version":[{"id":24023,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/23971\/revisions\/24023"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media\/23992"}],"wp:attachment":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media?parent=23971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/categories?post=23971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tags?post=23971"},{"taxonomy":"archivo","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/archivo?post=23971"},{"taxonomy":"taxonomy-authors","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/taxonomy-authors?post=23971"},{"taxonomy":"tipo_autor","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tipo_autor?post=23971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}