You can take over other providers IP space by announcing their IPs via BGP from well connected high ranked tier ISPs, but just because you can do one thing does not mean you should exercise it.<p>Internet was built on the premise that you can trust other organisations such as good willed universites, it was not built for a landscape of internet crime and state sponsored hackers.<p>BGP and central certificate authorities is flawed in princicple and this sense. Its very easy to create fake certificates for big organisations if you have the power of a state.<p>Diginotar is such an Epic fail of CA which shows exactly why you cannot trust central trust when there is state hackers at work.<p>So you either hijack BGP, DNS or Central certificate authority then you steal peoples cookies. Since most does not use two factor authentication that is enough to take ownership of their email accounts. Once the email accounts is compromised all other accounts can be compromised through password resets.