On 12th November, Google services were interrupted, leaving users with connectivity problems for about 90 minutes, from 4PM EST until 5:30PM EST. It was later discovered that the cause was internet traffic being diverted through a Russian ISP and ultimately ending up in China.
G Suite, Google Search and Google Analytics were affected by the disruption. The traffic hijack was spotted by ThousandEyes, a network intelligence company based in San Francisco.
Google has begun an internal investigation but deemed the issue “external to Google”. However, an in-depth investigation by ThousandEyes revealed that the traffic first traveled through a small ISP called MainOne in Nigeria, then went on to TransTelecom, a Russian ISP, and finally ended up in China at China Telecom, where it encountered the Great Firewall.
Since most of the Google data is encrypted, the risk was relatively low. However, the fact that the disruption made Google’s traffic available to ISPs that had no reason to access it is worrisome, as it led to a Denial of Service attack on Google.
The diversion has not been identified as either an attack or a misconfiguration at MainOne. According to ThousandEyes, it involves the Border Gateway Protocol (BGP), which permits autonomous systems to share information on the basis of trust between well-meaning ISPs and universities.
ThousandEyes adds that BGP itself does not account for the changing and complex commercial and geopolitical relationships that exist between nations today. Checking the information passed through these global networks, which include entities as big as Google, is possible but not willingly done, which leaves open the threat of further BGP hijacks and data leaks.
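
A check of the kind described above, as an added example that is not from the original article or from ThousandEyes: it compares each BGP announcement for a watched prefix against an expected origin and an expected set of on-path networks. The prefixes and AS numbers are constructed from the documentation ranges, and the policy format and function names are assumptions.

```python
import ipaddress

# Constructed policy (assumption): TEST-NET prefix and documentation ASNs (64496-64511).
# "expected_path_asns" lists every AS that may appear between a vantage point and the origin.
WATCHED = {
    ipaddress.ip_network("203.0.113.0/24"): {
        "origin": 64500,
        "expected_path_asns": {64501, 64502},
    },
}

# Constructed announcements: (vantage point, prefix, AS path with the origin last).
UPDATES = [
    ("peer-a", "203.0.113.0/24", [64501, 64500]),                # expected route
    ("peer-b", "203.0.113.0/24", [64510, 64511, 64509, 64500]),  # detour via unknown ASes
    ("peer-c", "203.0.113.128/25", [64501, 64505]),              # more-specific, wrong origin
    ("peer-d", "198.51.100.0/24", [64501, 64499]),               # prefix not watched
]

def covering_policy(prefix):
    """Return (watched_network, policy) if a watched network covers prefix, else None."""
    net = ipaddress.ip_network(prefix)
    for watched, policy in WATCHED.items():
        if net.version == watched.version and net.subnet_of(watched):
            return watched, policy
    return None

def check_update(prefix, as_path):
    """Return a list of findings for one announcement (empty list means it looks normal)."""
    hit = covering_policy(prefix)
    if hit is None or not as_path:
        return []
    watched, policy = hit
    # Collapse AS-path prepending so a repeated AS is judged once.
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    findings = []
    if path[-1] != policy["origin"]:
        findings.append("unexpected-origin")
    if ipaddress.ip_network(prefix) != watched:
        findings.append("more-specific")
    strangers = [a for a in path[:-1] if a not in policy["expected_path_asns"]]
    if strangers:
        findings.append("unexpected-transit:" + ",".join(map(str, strangers)))
    return findings

def scan(updates):
    """Map each vantage point to its findings, skipping announcements with none."""
    results = {peer: check_update(prefix, path) for peer, prefix, path in updates}
    return {peer: found for peer, found in results.items() if found}
```
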