Google traffic hijacked via tiny Nigerian ISP

A tiny Nigerian ISP has hijacked internet traffic meant for Google's data centers. The incident, called a BGP hijack, occurred yesterday, on November 12, between 13:12 and 14:35, Pacific time, according to Google.

The incident was first detected and reported by BGPmon, an online service that monitors the routes that internet traffic takes through the smaller internet service provider (ISP) networks that make up the larger internet.

ZDNet: Black Friday 2018 deals: Business Bargain Hunter's top picks | Cyber Monday 2018 deals: Business Bargain Hunter's top picks

According to BGPmon, the incident was caused by a small Nigerian ISP named MainOne Cable Company (AS37282), which announced to nearby ISPs that it was hosting IP addresses that were normally assigned to Google's data center network.

BGPmon says the Nigerian ISP incorrectly announced it was hosting 212 Google network prefixes in five different waves, for a total of 74 minutes.

This bad routing announcement leaked downstream to other ISPs, causing more and more nearby providers to send Google-intended traffic to MainOne's network, instead of the normal BGP routes.

According to experts from ThousandEyes, a cloud security company, the path that this traffic took most often was one via TransTelecom (AS 20485) in Russia and China Telecom (AS 4809) in China.

"We noticed that this leak was primarily propagated by business-grade transit providers and did not impact consumer ISP networks as much," said Ameet Naik, a manager for ThousandEyes.

"All the traffic slammed into the great firewall, terminating at China Telecom edge router," Naik added.

Whatever traffic ended up reaching the small Nigerian ISP, was later dropped, resulting in zero Google connectivity for impacted users.

The incident caused quite a stir online, and especially among networking and cyber-security experts. The reason is that of an academic paper published last month which accused China Telecom, a state-owned telecom firm, of repeated BGP hijacks that misdirected the traffic of western countries through its network for no good reason.

The findings of that research paper, which were very controversial and politically charged, were confirmed last week by Oracle's Internet Intelligence division (formerly known as Dyn).

BGP hijacks are considered highly dangerous, as it allows the unauthorized network through which the traffic goes to intercept, analyze, and log sensitive traffic that could be decrypted at a later date.

Yesterday's temporary Google traffic redirection marks just another incident in a long list of BGP hijacks incidents that have been a major problem since the 1990s.

Even if the traffic "misdirection" by the Nigerian ISP was intentional or accidental, the problem still lies with the BGP itself, a protocol developed in the 1980s, which has no security features and is still used today to interconnect ISP networks and relay internet traffic.

Efforts are ongoing to improve BGP with additional security features.

Update, November 13, 11:30am ET: MainOne, the Nigerian ISP that caused this mess, said on Twitter today that the whole incident was an accident.

RELATED SECURITY COVERAGE:

• China tells Trump to switch to Huawei after NYT iPhone tapping report
• US, Russia, China don't sign Macron's cyber pact
• Zero-day in popular WordPress plugin exploited in the wild to take over sites
• HTTP-over-QUIC to be renamed HTTP/3
• Why TENS is the secure bootable Linux you need TechRepublic
• Cloudflare launches Android and iOS apps for its 1.1.1.1 service
• Russian hacker pleads guilty to get-rich-quick botnet CNET
• Two botnets are fighting over control of thousands of unsecured Android devices

Best Black Friday 2018 deals:

• Amazon Seven Days of Black Friday Deals: All-time lows on office devices
• Amazon Black Friday 2018 deals: See early sales on Echo, Fire HD
• Best Buy Black Friday 2018 deals: Deep discounts on Apple Mac, Microsoft Surface
• Target Black Friday 2018 deals: $250 iPad mini 4, $120 Chromebook
• Walmart Black Friday 2018 deals: $99 Chromebook, $89 Windows 2-in-1
• Dell Black Friday 2018 deals: $120 Inspiron laptop, $500 gaming desktop
• Newegg Black Friday 2018 deals: $50 off Moto G6, $70 off Nest thermostat
• Office Depot Black Friday 2018 deals: $300 off Lenovo Flex, $129 HP Chromebook
• eBay Black Friday 2018 deals: See early sales on Galaxy Watch, Chromecast
• Lenovo Black Friday 2018 deals: ThinkPad laptops and more
• Microsoft Store Black Friday 2018 deals: Ad showcases Surface, laptop deals
• Windows laptops Black Friday deals: Dell, HP, Lenovo
• Chromebook Black Friday 2018 deals: Dell, Google, HP
• Best tablet Black Friday deals: Apple iPad, Amazon Fire
• Black Friday 2018 iPhone deals: $400 iPhone X gift card, BOGO iPhone XR
• Black Friday 2018 smartphone deals: OnePlus 6T, LG G7