Published: Thu, November 15, 2018
IT | By Lester Massey

Internet BGP Hijack Takes Down Google G Suite, Analytics And Search


According to experts from ThousandEyes, a cloud security company, the path this traffic most often took ran via TransTelecom (AS 20485) in the Russian Federation and China Telecom (AS 4809) in China.

ThousandEyes marketing executive Alex Henthorne-Iwane said in a statement: "All of Google's public-facing edge seems to be getting broadly affected." He added: "Most of the traffic is being dropped at China Telecom".

The diversion "at a minimum caused a massive denial of service to G Suite (business collaboration tools) and Google Search" and "put valuable Google traffic in the hands of ISPs (internet service providers) in countries with a long history of Internet surveillance", the network-intelligence company ThousandEyes said in a blog post.

Google, for its part, has not confirmed the details of the issue, but has confirmed what it describes as 'Google Cloud Networking Incident #18018', which saw 'Google Cloud IP addresses being erroneously advertised by internet service providers other than Google' for a period of around an hour. And soon Nigeria joined it in re-routing the Google partner Cloudflare's IP addresses.

The type of traffic misdirection involved can knock essential services offline and facilitate espionage and financial theft.

A /19 prefix contains 8,192 internet protocol addresses and traffic to these was redirected to a China Telecom router at Russian internet provider TransTeleCom in the Komi Republic, well-known for its gulag penal camps during the Soviet era.
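As an added illustration (not part of the original article, nor code from Google or ThousandEyes), the following Python example shows how a network operator can flag the kind of erroneous advertisement described above using RFC 6811 route origin validation. The prefixes, the ROA table and the 645xx documentation ASNs are constructed; only AS 20485 and AS 4809 come from the article.

```python
import ipaddress

# Constructed ROA table: (authorised prefix, max length, authorised origin AS).
# 198.18.0.0/15 is benchmarking space and AS 64496-64511 are documentation ASNs.
ROAS = [(ipaddress.ip_network("198.18.0.0/16"), 19, 64500)]

# Transit ASes named in the article's path description.
WATCHED_TRANSIT = {20485, 4809}


def validate(prefix, as_path, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]          # the rightmost AS originated the route
    covered = False
    for roa_net, max_len, roa_as in roas:
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if net.prefixlen <= max_len and origin == roa_as:
                return "valid"
    return "invalid" if covered else "not-found"


def triage(announcements):
    """Return one finding per announcement that fails origin validation."""
    findings = []
    for prefix, as_path in announcements:
        if validate(prefix, as_path) != "invalid":
            continue
        findings.append({
            "prefix": prefix,
            "origin": as_path[-1],
            "addresses": ipaddress.ip_network(prefix).num_addresses,
            "watched_transit": sorted(WATCHED_TRANSIT.intersection(as_path)),
        })
    return findings


# Constructed announcements as (prefix, AS path seen by a route collector).
SAMPLE = [
    ("198.18.0.0/19", [64496, 64500]),                # authorised origin
    ("198.18.32.0/19", [64497, 20485, 4809, 64511]),  # wrong origin AS
    ("198.18.64.0/24", [64496, 64500]),               # longer than max length
    ("198.19.0.0/19", [64498, 64511]),                # no covering ROA
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Routes that come back "not-found" are not covered by any ROA, so origin validation alone cannot say whether they are legitimate.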

"This incident further underscores one of the fundamental weaknesses in the fabric of the Internet", says ThousandEyes' Ameet Naik.

Google told The Wall Street Journal that the incident did not compromise any data. "If this could happen to a company with the scale and resources available that Google has, realize it could happen to anyone".

Although the Border Gateway Protocol (BGP) automates the routing of information over the internet, it also leaves room for traffic hijacking, which can be malicious when intentional; in this case, it seems, the effect was a disruption of Google services due to improper configuration. MainOne took 74 minutes to either notice or be notified of the issue and fix it, and it took about three-quarters of an hour more for services to come back up.

Network-monitoring companies say service interruptions lasted for almost two hours and ended about 5.30pm EST (12.30 AEDT). It affected Google's G Suite, Analytics, and Search.

Indeed, the phenomenon has occurred before. An earlier incident sent all YouTube traffic into a virtual ditch in Pakistan.
