An internet redirect hijack that rerouted traffic through Russia and China disrupted multiple Google services, including cloud-hosting and searches, on Monday.
According to independent analysis, the cause of the issue was a redirect of traffic through Internet Service Providers (ISPs) in Russia, China and Nigeria. Reports of sluggish Google services first began at 1:12 PM PST, according to Google’s own Cloud Status Dashboard – a tool that monitors uptime for enterprise services.
Notably, consumer-facing apps including YouTube were also affected with users experiencing slowdowns with other reliant third-party services also seeing disruption.
The incident occurred over an hour later at 2:35 PM. At 3:01, Google described the issue as “Google Cloud IP addresses being erroneously advertised by internet service providers other than Google”.
“Throughout the duration of this issue, Google services were operating as expected and we believe the root cause of the issue was external to Google,” the company said in a statement.
The interruption lasted nearly two hours before finally ending about 5:30 PM EST.
Cybersecurity firm ThousandEyes highlighted a “potential hijack” during the suspicious reroute of activity.
ThousandEyes BGP Route Visualization shows the 18.104.22.168/19 prefix being leaked into the Internet, which would cause traffic to #Google to be routed via networks in #Russia, #China and #Nigeria pic.twitter.com/q9OlHCIvNK
— ThousandEyes (@thousandeyes) November 12, 2018
“All of Google’s public-facing edge seems to be getting broadly affected,” ThousandEyes marketing executive Alex Henthorne-Iwane told the Wall Street Journal. “Most of the traffic is being dropped at China Telecom.”
While Google insists that there is no reason to chalk the incident as a malicious hijack – no data was compromised due to encrypted traffic – the WSJ report does raise the possibility of a third-party malicious intercept of the data, similar to a man-in-the-middle attack.
“If they have access to a large enough network operator, hackers can alter network maps stored on core internet routers through a system known as border gateway protocol, or BGP,” the report suggested. “Using BGP flaws to reroute data could let a hacker steal information, eavesdrop on traffic or send information into cyber oblivion, security researchers say.”
Image credit: Pexels.