{"id":33101,"date":"2026-03-24T19:38:14","date_gmt":"2026-03-24T19:38:14","guid":{"rendered":"https:\/\/blog.lacnic.net\/?p=33101"},"modified":"2026-03-24T19:46:44","modified_gmt":"2026-03-24T19:46:44","slug":"rpki-vs-social-engineering-a-case-study-in-route-hijacking","status":"publish","type":"post","link":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/","title":{"rendered":"RPKI vs social engineering: A case study in route hijacking"},"content":{"rendered":"\n<p><em>Carlos and Sanjaya present this topic during APRICOT 2026\/APNIC 61 (presentation recording below).<\/em><\/p>\n\n\n\n<p><a href=\"https:\/\/blog.lacnic.net\/en\/author\/sanjaya\/\">Sanjaya<\/a> and <a href=\"https:\/\/blog.lacnic.net\/en\/author\/carlos-martinez\/\">Carlos Martinez<\/a><\/p>\n\n\n\n<p><strong>Excerpt: <\/strong>A short BGP hijack in 2025 showed how routing security can fail when attackers exploit weaknesses in provider onboarding.<\/p>\n\n\n\n<p>During the <a href=\"https:\/\/2026.apricot.net\/programme\/programme\/#\/day\/7\/161\">APNIC Routing Security Special Interest Group (SIG)<\/a> session at <a href=\"https:\/\/2026.apricot.net\/\">APRICOT 2026\/APNIC 61<\/a>, APNIC and LACNIC presented a case study of a Border Gateway Protocol (BGP) hijack that combined a technical attack with social engineering. The incident occurred in July 2025. This article explains the incident, the coordination between Regional Internet Registries (RIRs), and what it means for Route Origin Authorizations (ROAs) and Autonomous System Provider Authorizations (ASPAs).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The incident<\/h2>\n\n\n\n<p>The first report came from a user who could not send email. Messages were accepted by the server but never reached the recipient. At first, this looked like a routine system issue because it occurred late in the evening, so the team planned to investigate the next day. A closer review showed that part of LACNIC\u2019s address space was being originated by networks that were not authorized to do so.<\/p>\n\n\n\n<p>Analysis showed that the attacker spoofed the Autonomous System Number (ASN) in a way that avoided creating an invalid state. This choice helped the false announcements propagate. The attacker also redirected traffic through an upstream that was later confirmed to be another victim, not an accomplice.<\/p>\n\n\n\n<p>Three short hijack events occurred:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>2025\u201107\u201109 19:47 (UTC \u22123) for about 20 minutes<\/li>\n\n\n\n<li>2025\u201107\u201110 20:34 (UTC \u22123) for about 15 minutes<\/li>\n\n\n\n<li>2025\u201107\u201112 10:13 (UTC \u22123) for about five minutes<\/li>\n<\/ul>\n\n\n\n<p>No further activity followed. This ASN had a history of similar events across AFRINIC, ARIN, LACNIC, and APNIC, which supported the conclusion that this was deliberate rather than accidental.<\/p>\n\n\n\n<p>The team was also able to reconstruct some of the attacker\u2019s infrastructure. They identified an email server, a web server, and another system listening on many ports, which may have been a scanning tool or honeypot.<\/p>\n\n\n\n<p>The activity showed clear signs of reconnaissance. The announcements appeared in short bursts, at random times, and only reached a small part of the Internet. The attacker also depended on a forged upstream relationship to make the traffic flow. These behaviours matched other attacks where adversaries test how far invalid or suspicious routes will propagate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The investigation<\/h2>\n\n\n\n<p>LACNIC escalated the case to APNIC, which then contacted APJII\/IDNIC as the National Internet registry (NIR) of Indonesia, which delegated the ASN. The findings were unexpected: The legitimate ASN holder had no involvement. They were a small ISP with a local upstream, and they were also a victim. A malicious actor had impersonated them using forged documents and a domain name similar to the real organization.<\/p>\n\n\n\n<p>The attacker convinced a multinational upstream provider to enable transit for the hijacked ASN (which we\u2019ll call \u2018AS X\u2019). Once the BGP session was active, the attacker used AS\u202fX only as transit and injected short announcements from several spoofed origin ASNs behind it. These bursts lasted only minutes and disappeared quickly, which made them difficult to trace.<\/p>\n\n\n\n<p>Coordination across LACNIC, APNIC, and APJII\/IDNIC was essential. This joint effort confirmed the fraud, identified the upstream victim, and demonstrated the value of cross\u2011RIR and NIR escalation paths.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attack flow<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"796\" height=\"436\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig1-rpki-social-engineering.png\" alt=\"\" class=\"wp-image-33090\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig1-rpki-social-engineering.png 796w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig1-rpki-social-engineering-300x164.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig1-rpki-social-engineering-602x330.png 602w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig1-rpki-social-engineering-768x421.png 768w\" sizes=\"(max-width: 796px) 100vw, 796px\" \/><\/figure>\n\n\n\n<p><strong><em>Figure 1 \u2014 Overview of the impersonation and upstream provisioning process. <\/em><\/strong><a href=\"https:\/\/conference.apnic.net\/61\/assets\/presentation-files\/356755e3-72be-43db-844d-98627bf845c9.pdf\"><strong><em>Source<\/em><\/strong><\/a><strong><em>.<\/em><\/strong><\/p>\n\n\n\n<p>Figure 1 shows the legitimate ASN holder, the hijacked ASN, and the bad actor using forged identity documents to request transit from a multinational provider. The provider enables BGP, and the attacker issues short, random announcements using the hijacked ASN.<\/p>\n\n\n\n<p>The attacker did not bypass RPKI. Instead, they exploited weak identity\u2011verification processes in upstream provisioning. The multinational provider failed to validate the customer\u2019s corporate identity or domain ownership before enabling BGP, which allowed the unauthorized announcements to proceed. The resulting hijacks propagated widely because Route Origin Validation (ROV) is inconsistently deployed, and many networks still accept NotFound routes. Additionally, the presence of broad ROA MaxLength values increased the scale of the incident by allowing more specific prefixes to appear valid.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Incident resolution<\/h2>\n\n\n\n<p>APNIC, LACNIC, APJII\/IDNIC, and the legitimate ASN holder confirmed that the upstream request was fraudulent. The upstream provider then terminated the BGP session. They also agreed that the incident could be used as an example for the routing security community.<\/p>\n\n\n\n<p>Speakers at the session also apologised to the small ISP, which had initially been suspected until the investigation confirmed they were another victim.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Routing security lessons<\/h2>\n\n\n\n<p>Several broader lessons emerge from this incident, highlighting where current routing security practices can be strengthened.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ROA MaxLength discipline<\/h3>\n\n\n\n<p>Broad MaxLength values allow unintended, more\u2011specific routes to validate under ROV. Operators should:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>avoid broad MaxLength<\/li>\n\n\n\n<li>match MaxLength to real operational needs<\/li>\n\n\n\n<li>review ROAs regularly<\/li>\n<\/ul>\n\n\n\n<p>This is general best practice and not specific to this incident.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ASPA and unauthorized upstreams<\/h3>\n\n\n\n<p>ASPA can prevent forged upstream relationships. If ASPA were deployed, this attack would have been far harder to perform. Enforcement depends on operator policy and router support.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"848\" height=\"322\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig2-rpki-social-engineering.png\" alt=\"\" class=\"wp-image-33093\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig2-rpki-social-engineering.png 848w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig2-rpki-social-engineering-300x114.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig2-rpki-social-engineering-680x258.png 680w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/fig2-rpki-social-engineering-768x292.png 768w\" sizes=\"(max-width: 848px) 100vw, 848px\" \/><\/figure>\n\n\n\n<p><strong><em>Figure 2 \u2014 Recommended routing security controls. <\/em><\/strong><a href=\"https:\/\/conference.apnic.net\/61\/assets\/presentation-files\/356755e3-72be-43db-844d-98627bf845c9.pdf\"><strong><em>Source<\/em><\/strong><\/a><strong>.<\/strong><\/p>\n\n\n\n<p>Figure 2 highlights two key defences: Setting precise ROA MaxLength values and using ASPA to prevent unauthorised upstream providers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Upstream provisioning is a security boundary<\/h3>\n\n\n\n<p>The attack targeted the onboarding process used by large providers. Strengthening this process is essential. Providers should:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check RIR and Internet Routing Registry (IRR) records<\/li>\n\n\n\n<li>Call registered contacts to confirm requests<\/li>\n\n\n\n<li>Reject letters of authorisation (LOAs), which are easy to forge<\/li>\n\n\n\n<li>Check domain metadata, including age, similarity, and registration patterns<\/li>\n\n\n\n<li>Adopt ASPA validation as support becomes available<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Multi\u2011party coordination matters<\/h3>\n\n\n\n<p>Routing incidents cross organizational and regional boundaries. Coordination across RIRs, NIRs, operators, and Network Operator Groups (NOGs) helps confirm identities, match patterns, and contain incidents.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Routing security covers more than cryptography. ROAs and ASPA reduce technical risks, but they cannot stop attacks that exploit weak identity checks. Stronger ROA discipline, ASPA adoption, better onboarding verification, and continued coordination across the Internet community will reduce the chance of similar attacks. Combining routing\u2011layer controls with identity\u2011layer checks will create a more resilient Internet.<\/p>\n\n\n\n<p>Watch Carlos\u2019 and Sanjaya\u2019s Routing Security SIG <a href=\"https:\/\/youtu.be\/Bk1kGPGjX-Q?t=3560\">presentation during APRICOT 2026\/APNIC 61<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Carlos and Sanjaya present this topic during APRICOT 2026\/APNIC 61 (presentation recording below). Sanjaya and Carlos Martinez Excerpt: A short BGP hijack in 2025 showed how routing security can fail when attackers exploit weaknesses in provider onboarding. During the APNIC Routing Security Special Interest Group (SIG) session at APRICOT 2026\/APNIC 61, APNIC and LACNIC presented [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":33098,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[919],"tags":[1280],"archivo":[1345,1451],"taxonomy-authors":[1198,1618],"tipo_autor":[],"class_list":["post-33101","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-routing","tag-routing","archivo-editions","archivo-highlights-2023","taxonomy-authors-carlos-martinez-en","taxonomy-authors-sanjaya"],"acf":{"author":"","related_notes":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>LACNIC Blog | RPKI vs social engineering: A case study in route hijacking<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LACNIC Blog | RPKI vs social engineering: A case study in route hijacking\" \/>\n<meta property=\"og:description\" content=\"Carlos and Sanjaya present this topic during APRICOT 2026\/APNIC 61 (presentation recording below). Sanjaya and Carlos Martinez Excerpt: A short BGP hijack in 2025 showed how routing security can fail when attackers exploit weaknesses in provider onboarding. During the APNIC Routing Security Special Interest Group (SIG) session at APRICOT 2026\/APNIC 61, APNIC and LACNIC presented [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/\" \/>\n<meta property=\"og:site_name\" content=\"LACNIC Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/lacnic\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-24T19:38:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-24T19:46:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Gianni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@lacnic\" \/>\n<meta name=\"twitter:site\" content=\"@lacnic\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/\"},\"author\":{\"name\":\"Gianni\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab\"},\"headline\":\"RPKI vs social engineering: A case study in route hijacking\",\"datePublished\":\"2026-03-24T19:38:14+00:00\",\"dateModified\":\"2026-03-24T19:46:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/\"},\"wordCount\":1004,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/blog.lacnic.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg\",\"keywords\":[\"Routing\"],\"articleSection\":[\"Routing\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/\",\"url\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/\",\"name\":\"LACNIC Blog | RPKI vs social engineering: A case study in route hijacking\",\"isPartOf\":{\"@id\":\"https:\/\/blog.lacnic.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg\",\"datePublished\":\"2026-03-24T19:38:14+00:00\",\"dateModified\":\"2026-03-24T19:46:44+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage\",\"url\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg\",\"contentUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg\",\"width\":680,\"height\":330},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/blog.lacnic.net\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"RPKI vs social engineering: A case study in route hijacking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.lacnic.net\/#website\",\"url\":\"https:\/\/blog.lacnic.net\/\",\"name\":\"LACNIC Blog\",\"description\":\"En el Blog de LACNIC encontrar\u00e1s art\u00edculos t\u00e9cnicos vinculados al desarrollo de Internet en la regi\u00f3n de Am\u00e9rica Latina y el Caribe.\",\"publisher\":{\"@id\":\"https:\/\/blog.lacnic.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.lacnic.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/blog.lacnic.net\/#organization\",\"name\":\"LACNIC Blog\",\"url\":\"https:\/\/blog.lacnic.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg\",\"contentUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg\",\"caption\":\"LACNIC Blog\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/lacnic\",\"https:\/\/x.com\/lacnic\",\"https:\/\/www.instagram.com\/lacnic\/?hl=es-la\",\"https:\/\/uy.linkedin.com\/company\/lacnic\",\"https:\/\/www.youtube.com\/user\/lacnicstaff\",\"https:\/\/www.lacnic.net\/podcast\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab\",\"name\":\"Gianni\",\"url\":\"https:\/\/blog.lacnic.net\/en\/author\/gianni\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LACNIC Blog | RPKI vs social engineering: A case study in route hijacking","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/","og_locale":"en_US","og_type":"article","og_title":"LACNIC Blog | RPKI vs social engineering: A case study in route hijacking","og_description":"Carlos and Sanjaya present this topic during APRICOT 2026\/APNIC 61 (presentation recording below). Sanjaya and Carlos Martinez Excerpt: A short BGP hijack in 2025 showed how routing security can fail when attackers exploit weaknesses in provider onboarding. During the APNIC Routing Security Special Interest Group (SIG) session at APRICOT 2026\/APNIC 61, APNIC and LACNIC presented [&hellip;]","og_url":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/","og_site_name":"LACNIC Blog","article_publisher":"https:\/\/facebook.com\/lacnic","article_published_time":"2026-03-24T19:38:14+00:00","article_modified_time":"2026-03-24T19:46:44+00:00","og_image":[{"width":680,"height":330,"url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg","type":"image\/jpeg"}],"author":"Gianni","twitter_card":"summary_large_image","twitter_creator":"@lacnic","twitter_site":"@lacnic","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#article","isPartOf":{"@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/"},"author":{"name":"Gianni","@id":"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab"},"headline":"RPKI vs social engineering: A case study in route hijacking","datePublished":"2026-03-24T19:38:14+00:00","dateModified":"2026-03-24T19:46:44+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/"},"wordCount":1004,"commentCount":0,"publisher":{"@id":"https:\/\/blog.lacnic.net\/#organization"},"image":{"@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg","keywords":["Routing"],"articleSection":["Routing"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/","url":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/","name":"LACNIC Blog | RPKI vs social engineering: A case study in route hijacking","isPartOf":{"@id":"https:\/\/blog.lacnic.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage"},"image":{"@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg","datePublished":"2026-03-24T19:38:14+00:00","dateModified":"2026-03-24T19:46:44+00:00","breadcrumb":{"@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#primaryimage","url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg","width":680,"height":330},{"@type":"BreadcrumbList","@id":"https:\/\/blog.lacnic.net\/en\/rpki-vs-social-engineering-a-case-study-in-route-hijacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/blog.lacnic.net\/en\/"},{"@type":"ListItem","position":2,"name":"RPKI vs social engineering: A case study in route hijacking"}]},{"@type":"WebSite","@id":"https:\/\/blog.lacnic.net\/#website","url":"https:\/\/blog.lacnic.net\/","name":"LACNIC Blog","description":"En el Blog de LACNIC encontrar\u00e1s art\u00edculos t\u00e9cnicos vinculados al desarrollo de Internet en la regi\u00f3n de Am\u00e9rica Latina y el Caribe.","publisher":{"@id":"https:\/\/blog.lacnic.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.lacnic.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/blog.lacnic.net\/#organization","name":"LACNIC Blog","url":"https:\/\/blog.lacnic.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/","url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","caption":"LACNIC Blog"},"image":{"@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/lacnic","https:\/\/x.com\/lacnic","https:\/\/www.instagram.com\/lacnic\/?hl=es-la","https:\/\/uy.linkedin.com\/company\/lacnic","https:\/\/www.youtube.com\/user\/lacnicstaff","https:\/\/www.lacnic.net\/podcast"]},{"@type":"Person","@id":"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab","name":"Gianni","url":"https:\/\/blog.lacnic.net\/en\/author\/gianni\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/03\/rpki-social-engineering-2026.jpg","jetpack_sharing_enabled":true,"wpml_current_locale":"en_US","wpml_translations":[{"locale":"es_ES","id":33085,"post_title":"RPKI vs ingenier\u00eda social: un estudio de caso de secuestro de rutas","slug":"rpki-secuestro-rutas-bgp","href":"https:\/\/blog.lacnic.net\/rpki-secuestro-rutas-bgp\/"},{"locale":"pt_BR","id":33113,"post_title":"\u00a0O RPKI versus a engenharia social: um estudo de caso sobre sequestro de rotas","slug":"o-rpki-versus-a-engenharia-social-um-estudo-de-caso-sobre-sequestro-de-rotas","href":"https:\/\/blog.lacnic.net\/pt-br\/o-rpki-versus-a-engenharia-social-um-estudo-de-caso-sobre-sequestro-de-rotas\/"}],"_links":{"self":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/33101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/comments?post=33101"}],"version-history":[{"count":4,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/33101\/revisions"}],"predecessor-version":[{"id":33129,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/33101\/revisions\/33129"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media\/33098"}],"wp:attachment":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media?parent=33101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/categories?post=33101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tags?post=33101"},{"taxonomy":"archivo","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/archivo?post=33101"},{"taxonomy":"taxonomy-authors","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/taxonomy-authors?post=33101"},{"taxonomy":"tipo_autor","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tipo_autor?post=33101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}