Internet 'hijack' sees Google traffic misdirected through China and Russia in possible war-game experiment

Incident 'put valuable Google traffic in the hands of ISPs in countries with a long history of internet surveillance,' researchers say

Anthony Cuthbertson
Tuesday 13 November 2018 07:53 EST
A Google sign is seen at a conference in Shanghai, 5 November, 2018 (Reuters)


Large parts of the internet went down for more than an hour on Monday after a strange incident meant web traffic intended to reach Google was rerouted through China and Russia.

The web giant said its search engine, as well as apps like Spotify that rely on its services, stopped working as a result.

Google did not reveal how many users were affected, though researchers from the network-intelligence company ThousandEyes reported instances of web traffic being redirected from the UK, France and the US.

The researchers said the misdirected traffic was of particular concern given the list of countries through which large amounts of sensitive data were passing.

The incident "put valuable Google traffic in the hands of ISPs in countries with a long history of internet surveillance," ThousandEyes researcher Ameet Naik wrote in a blog post.

The traffic misdirection, known as a Border Gateway Protocol (BGP) hijacking, lasted for around an hour and a half on Monday evening, ending at around 10.30pm GMT.

"[It] further underscores one of the fundamental weaknesses in the fabric of the internet," Mr Naik wrote. "Even corporations like Google with massive resources at their disposal are not immune from such BGP hijacks and leaks."

ThousandEyes executive Alex Henthorn-Iwane said it was the worst incident affecting Google traffic that his firm had ever seen. He also speculated that the hijacking may have been the result of "a war-game experiment".

The incident was particularly suspicious because internet traffic was being sent to the Chinese government’s internet provider, China Telecom, which has previously been accused of improperly routing traffic through China.

A report earlier this year by researchers at the US Naval War College and Tel Aviv University found China Telecom has been hijacking internet traffic passing through the US and Canada on a regular basis.

"Conveniently, China Telecom has ten strategically placed, Chinese controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America," the report stated.

"Vast rewards can be reaped from the hijacking, diverting, and then copying of information-rich traffic going into or crossing the United States and Canada – often unnoticed and then delivered with only small delays."

A Google spokesperson told The Independent: “We’re aware that a portion of internet traffic was affected by incorrect routing of IP addresses, and access to some Google services was impacted. The root cause of the issue was external to Google and there was no compromise of Google services.”

In an update to its Google Cloud Status Dashboard, Google said it was conducting an internal investigation in the hope of making "appropriate improvements" to help prevent a future recurrence of the issue.
