Users attempting to access Google, Snapchat, Spotify, Nest, Google Cloud, and a myriad of other Alphabet-hosted or related websites were met with unresponsive or slow connections. These intermittent availability issues were due to web traffic being rerouted through Russia, Nigeria, and China after a successful Border Gateway Protocol (BGP) Hijacking attack.
In very basic terms, BGP Hijacking occurs when an Autonomous System (the physical infrastructure used by an ISP) advertises to the traffic conductors of the internet highway that their own infrastructure will be a better pathway for packets to travel than everyone else's. In most cases this is an accidental configuration error that lasts seconds. In today's case it went on for over an hour.
You may be wondering what a nation state or government-controlled telecom could do with over an hour of redirected web traffic. Well, wonder no more. Traffic sniffing, data manipulation, data exfiltration, disabling web-based platforms and APIs are all possible. Keep in mind that we aren't setting any precedent here. In late October we referred to a report entitled "China is Hijacking the US Internet Backbone" which can be found here.
Google had this to say:
The issue with Google Cloud IP addresses being erroneously advertised by internet service providers other than Google has been resolved for all affected users as of 14:35 US/Pacific. Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimize future recurrence.
Ironically, this is all possible because the internet was built with the understanding that the entities that conduct traffic on its super highways are trustworthy. If only it knew... Thanks to Joe Wood for the reporting!
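The post describes a network announcing itself as the better path for addresses it does not own. As an added example (not part of the original post), this sketch classifies announcements the way route origin validation in the style of RFC 6811 does; the ROA table, prefixes and AS numbers are constructed from documentation ranges.

```python
import ipaddress

# Constructed ROA table: (authorized prefix, maxLength, authorized origin AS).
ROAS = [
    ("203.0.113.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64500),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # Skip ROAs of the other address family or that do not cover the route.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Valid only if the origin matches AND the route is not more
        # specific than the ROA allows.
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no match: unauthorized origin or prefix length.
    return "invalid" if covered else "not-found"

# Constructed announcements: (prefix, AS path). The origin is the last AS.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64496, 64500]),    # legitimate origin
    ("203.0.113.0/24", [64496, 64511]),    # same prefix, wrong origin AS
    ("203.0.113.128/25", [64497, 64511]),  # more-specific, wrong origin AS
    ("203.0.113.0/25", [64496, 64500]),    # right origin, exceeds maxLength
    ("2001:db8:1::/48", [64496, 64500]),   # IPv6, within maxLength
    ("198.51.100.0/24", [64496, 64511]),   # no ROA covers this prefix
]

def triage(announcements=ANNOUNCEMENTS):
    """Return (prefix, origin AS, validation state) for each announcement."""
    return [(p, path[-1], validate_origin(p, path[-1]))
            for p, path in announcements]

if __name__ == "__main__":
    for prefix, origin, state in triage():
        print(f"{prefix:20} origin AS{origin:<6} {state}")
```

A "not-found" result means no ROA covers the prefix at all, so origin validation cannot judge that announcement either way.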