An attacker redirects internet traffic destined for your domain's IP address to their own server by falsely announcing ownership of your IP prefix to the global BGP routing system. Your domain still resolves to the correct IP via DNS, but packets never arrive there—they get routed elsewhere instead.
This is fundamentally different from DNS hijacking. While DNS poisoning redirects your domain name to a fake IP, BGP hijacking intercepts traffic en route to the legitimate IP. The attacker announces a more specific BGP route (e.g., 203.0.113.0/25 instead of 203.0.113.0/24), and because routers forward on the longest matching prefix, they prefer the more specific route and divert your traffic to the attacker's infrastructure.
Why it matters: BGP hijacks are rare but catastrophic. They bypass DNS security (DNSSEC won't help), TLS certificates (if the attacker can MITM the connection), and most common defenses. Notable incidents include the 2014 Indosat hijack, 2017 Verizon/AWS routes, and 2021 Facebook/Cloudflare outage.
Mitigation requires RPKI (Resource Public Key Infrastructure) adoption at your ISP and upstream providers—essentially cryptographic proof of IP ownership. Most smaller operators lack this protection. If you run critical infrastructure, demand RPKI validation from your hosting provider.
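How an RPKI-validating router classifies the announcements described above, as an added example that is not part of the original page: it follows the route origin validation rules of RFC 6811. The ROA contents and AS numbers (AS64500 as the legitimate origin, AS64511 as the other network) are constructed from documentation ranges.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str       # prefix the address holder has signed for
    max_length: int   # longest prefix length authorised under it
    origin_asn: int   # AS authorised to originate it

def validate_origin(route: str, origin_asn: int, roas: list) -> str:
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    net = ipaddress.ip_network(route)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA says nothing about the announced prefix
        covered = True
        if (net.prefixlen <= roa.max_length
                and origin_asn == roa.origin_asn and roa.origin_asn != 0):
            return "valid"
    # Covered by at least one ROA but matching none: the signed data
    # contradicts the announcement. No covering ROA at all: nothing to check.
    return "invalid" if covered else "not-found"

# Constructed sample data (documentation prefix and ASNs, not real ROAs).
ROAS = [ROA("203.0.113.0/24", 24, 64500)]
# Same ROA with a looser maxLength, to show what that field controls.
LOOSE_ROAS = [ROA("203.0.113.0/24", 25, 64500)]

if __name__ == "__main__":
    announcements = [
        ("203.0.113.0/24", 64500),   # the legitimate announcement
        ("203.0.113.0/25", 64511),   # more specific, different origin
        ("198.51.100.0/24", 64511),  # prefix with no ROA published
    ]
    for route, asn in announcements:
        print(f"{route:18} AS{asn}  {validate_origin(route, asn, ROAS)}")
```

Networks that enforce validation drop `invalid` routes but normally still accept `not-found` ones, so a prefix with no ROA gains nothing from its upstreams validating. Keeping `max_length` at the length you actually announce is what makes the /25 invalid regardless of which origin AS it carries.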