The whole thing feels dishonest. BGP is working as intended, so should we really call hijacking a "vulnerability"? A failure to acknowledge that the protocol is fundamentally flawed and not fit for purpose.
BGP is working as intended, according to how it was designed before we had the opportunity to have decades of observations about how it can be abused.
And BGP is not really fundamentally flawed; what is fundamentally flawed is trying to get everyone to build an authoritative database on who owns which IPs and how they connect to their upstreams/downstreams, without it being possible for someone to manipulate that database nefariously. As we are on Hacker News, you are probably aware that there is no such thing as a hack-proof system. The old IRR system would have been perfect if every IRR hoster had a dedicated team of highly trained NOC engineers who are capable of making cross references using the RIR databases to the fullest and investigating any anomalies to prevent any malicious submissions. Unfortunately, that doesn't scale as well as rolling out something smarter like RPKI. Unfortunately, everything was already set up to use the IRRs and some people like it that way, so getting to 100% RPKI adoption has been slow, just like IPv4 addresses will probably always be worth more than IPv6 even though in principle, IP address space should have zero inherent value because it's just a number and should not have any limited supply.