BGP has almost no security. Anyone can hijack any IP address, especially if you can find an unused /24 so that the owner isn't inconvenienced.

Considering the ever impending IPv4 exhaustion, couldn't we just "re-use" NK's IP range, since they're unlikely to need them soon?

They actually do run services on those ranges and make use of at least a portion of their IP space.

So you can basically start telling the internet "I AM THIS IP" and eventually the internet will go "YOU ARE THIS IP" ?

In theory, yes.

In reality, most ISPs (that I've dealt with, anyway) do prefix filtering to prevent just this sort of thing.

What is prefix filtering?

To tell anybody ‘I AM ISP A’ you will have to connect physically to some ISP C. C will then (hopefully) check you and if you go ‘I AM ISP A’ he’ll ignore you and don’t tell anyone unless you’re really ISP A and he determined you to be this guy.

There are rather obvious limits, however, for example you will likely have to believe your ISP C if he says ‘I AM ISP B NOW, TOO’. If you then connect to another ISP D, and tell him ‘I KNOW ISP B’, D will have to decide whether to trust you (likely if you are a large telecom company) or not (if you just happen to have two 10 MBit/s lines to C and D each).

Yes. As far as I know, that's what happened when Iran started blocking YouTube in Iran and mistakenly blocked it in entire world.

Luckily, AFAIK, BGP is trust-based, so things go to normal pretty quickly.

Did you mean Pakistan?

http://www.ripe.net/internet-coordination/news/industry-deve...

> Anyone can hijack any IP address

Not quite.

It is, but apparently the upstream provider doesn't filter the ICMP reply packets (with SRC IP of the Korean ISP), which are sent by thepiratebay servers.