The mysterious re-routing of Google traffic could have been an attack or a glitch



Some web services provided by the Internet giant Google were briefly interrupted on Monday as a result of a Google Cloud IP problem that the company described in a blog post as "external" and the subject of an investigation.

According to the Wall Street Journal, some Google services were "temporarily inaccessible to some users after traffic intended to reach the web giant was redirected via other networks", although the company did not publicly disclose whether it had determined that the problem was a technical error or a hacking attempt. The AP, however, indicated that the rerouting may have been caused by a Border Gateway Protocol (BGP) hijacking attack, in which an Internet hub responsible for managing global Internet traffic lanes is compromised to send that traffic to the wrong destinations. Alex Henthorn-Iwane of the network intelligence company ThousandEyes told the AP that some of Google's cloud-based search and hosting services were routed through telecom companies in Russia (Transtelecom), China (China Telecom), and Nigeria (MainOne).

Alex Henthorn-Iwane, an executive at the network intelligence company ThousandEyes, called Monday's incident the worst affecting Google that his company has seen.

He said he suspected the involvement of a nation-state because the traffic was landing at China Telecom, a state-owned company. A recent study by academics at the US Naval War College and Tel Aviv University indicates that China routinely hijacks and diverts US Internet traffic.

Global systems for routing Internet traffic are potentially vulnerable because, at a time when the Internet has become one of the world's major geopolitical battlegrounds, provider independence and neutrality are not always a given. Henthorn-Iwane told the AP that he suspected the attack could have been a "war game experience".

However, Google told the Journal that it had no reason to believe the incident was malicious in nature. In a blog post, ThousandEyes acknowledged that the incident could have been simply a technical problem related to the BGP peering agreements between MainOne and China Telecom, the largest fixed-line service in China:

Our analysis indicates that the origin of this leak is the BGP peering relationship between MainOne, the Nigerian supplier, and China Telecom. MainOne has a peering relationship with Google via IXPN in Lagos and has direct links to Google, which has expired to China Telecom. Although we do not know if it was a misconfiguration or a malicious act, these leak routes have spread from China Telecom via TransTelecom to NTT and other transit ISPs. We also found that this leak originated mainly from professional transit service providers and did not have as much impact on the networks of mainstream Internet service providers.

The vast majority of Google's network traffic is encrypted using the HTTPS protocol, which, according to the AP, could help prevent diverted data from actually being accessed by a malicious party.

[AP/Wall Street Journal]