Google services disrupted by Internet traffic hijack

Doris Richards
November 15, 2018

While this would be a perfect opportunity to jump on the "China is evil" bandwagon, it is worth noting that, according to ThousandEyes' investigation, the traffic would drop upon hitting the Great Firewall of China.

During that time, web browsers and apps that tried to connect to Google, YouTube, etc., or to sites and platforms on Google Cloud, such as Spotify and Nest, were routed to the Chinese telco via Russian ISP TransTelekom, and dropped into a black hole. "That resulted in some Google traffic being sent through Main One partner China Telecom," the West African firm said.

According to BGPmon, the incident was caused by a small Nigerian ISP named MainOne Cable Company (AS37282), which announced to nearby ISPs that it was hosting IP addresses that were normally assigned to Google's data center network. This route was accepted by China Telecom, which then announced it worldwide. Sadly, while now in revision four, the Border Gateway Protocol (BGP) standard comes with few protections: routers with BGP enabled will accept any BGP announcements they receive by default, meaning that a properly-equipped attacker can - temporarily, at least - announce spurious BGP routes and reroute traffic without the AS owner's consent. While we don't know if this was a misconfiguration or a malicious act, these leaked routes propagated from China Telecom, via TransTelekom, to NTT and other transit ISPs.

Services from Google became unavailable on Monday for up to two hours as user traffic followed a tortuous path through operators in the Russian Federation and Nigeria before hitting the Great Firewall of China.

It detailed the issue as "Google Cloud IP addresses being erroneously advertised by internet service providers other than Google".

Google says that this was not a huge internal issue for the company or the data it hosts, as all of it is encrypted, but this is an example of how fragile seemingly robust internet services can be and how much of the internet's operation still relies on trust.

"This incident further underscores one of the fundamental weaknesses in the fabric of the Internet", says ThousandEyes' Ameet Naik. The problem is, as ThousandEyes explains, "BGP was created to be a chain of trust between well-meaning ISPs and universities that blindly believe the information they receive". While verification methods like ROA [Route Origin Authorization] exist, few ISPs use them. "Even corporations like Google with massive resources at their disposal are not immune from such BGP hijacks and leaks".

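An added example, not from the article or from any party it quotes: the route origin check that ROAs make possible, returning the RFC 6811 states (valid, invalid, not-found) for each announcement. The ROA table, the prefixes and AS64496 are constructed documentation values; AS37282 is the origin named above.

```python
import ipaddress

# Constructed ROA table: (prefix, max length, authorised origin AS).
# Prefixes and AS64496 are documentation values standing in for a real holder.
ROAS = [
    ("203.0.113.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64496),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA applies only if it covers the announced prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 in a ROA means "never originate", so it can never match.
        if roa_as != 0 and roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no match: wrong origin or too specific a prefix.
    return "invalid" if covered else "not-found"

def filter_announcements(announcements, roas=ROAS):
    """Drop 'invalid' routes; keep 'valid' and 'not-found' with their state."""
    kept = []
    for prefix, origin_as in announcements:
        state = validate_origin(prefix, origin_as, roas)
        if state != "invalid":
            kept.append(((prefix, origin_as), state))
    return kept

# Constructed announcements; AS37282 is the origin named in the article.
SAMPLE = [
    ("203.0.113.0/24", 64496),    # holder's own announcement
    ("203.0.113.0/24", 37282),    # same prefix, unauthorised origin
    ("203.0.113.128/25", 64496),  # right origin, longer than max length
    ("2001:db8:1::/48", 64496),   # IPv6 more-specific within max length
    ("192.0.2.0/24", 37282),      # no ROA covers this prefix
]

if __name__ == "__main__":
    for prefix, origin_as in SAMPLE:
        print(prefix, f"AS{origin_as}", validate_origin(prefix, origin_as))
```

Origin validation checks only the origin AS, not the rest of the path, so a leaked route that still carries the holder's AS as origin validates. It complements path and prefix filtering rather than replacing them.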