An internet diversion that rerouted data traffic through Russia and China disrupted several Google services on Monday, including search and cloud-hosting services.
Google confirmed Monday's disruption on a network status page but said only that it believed the cause was "external to Google ." The company had a little additional comment.
Service interruptions lasted for nearly two hours and ended about 5:30 p.m. EST., network service companies said. In addition to Russian and Chinese telecommunications companies, a Nigerian internet provider was also involved.
The specific method employed, formally known as border gateway protocol hijacking, can knock essential services offline and facilitate espionage and financial theft. Most network traffic to Google services ó94 per cent as of October 27 ó is encrypted, which shields it from prying eyes even if diverted.
Advertisement
Internet research firm ThousandEyes, however, claimed that "traffic to certain Google destinations appears to be routed through an ISP in Russia and black-holed at a China Telecom gateway router".
Alex Henthorn-Iwane, an executive at the network-intelligence company ThousandEyes said he suspected nation-state involvement because the traffic was effectively landing at state-run China Telecom. A recent study by US Naval War College and Tel Aviv University scholars says China systematically hijacks and diverts US internet traffic.
"Potential hijack underway. ThousandEyes detected intermittent availability issues to Google services from some locations. Traffic to certain Google destinations appears to be routed through an ISP in Russia & black-holed at a China Telecom gateway router," ThousandEyes tweeted.
Advertisement
According to media reports, G Suite applications like Gmail and Google Drive were not impacted.
Google described the issue as "Google Cloud IP addresses being erroneously advertised by internet service providers other than Google".
Much of the internet's underpinnings are built on trust, a relic of the good intentions its designers assumed of users. One consequence: little can be done if a nation-state or someone with access to a major internet provider decides to reroute traffic.
Henthorn-Iwane says Monday's hijacking may have been "a war-game experiment." In two recent cases, such rerouting has affected financial sites. In April 2017, one affected Mastercard and Visa among other sites. This past April, another hijacking enabled cryptocurrency theft.
The Department of Homeland Security did not immediately respond to a request for comment. ThousandEyes named the companies involved in Monday's incident, in addition to China Telecom, as the Russian internet provider Transtelecom and the Nigerian ISP MainOne.
(With inputs from agencies)
