The Strange Vulnerability Behind Monday's Google Outage

Why did Google's traffic briefly get re-routed through China?

by James Dennin

A handful of Google services briefly went down on Monday afternoon. While the outage was a minor inconvenience for most, some cyber security experts have raised alarms its origins: Security flaws in the border gateway protocol (BGP) that routes traffic to the far-flung regions of the globe, a process which occasionally allows information to flow through countries they typically don’t.

The company said in their statement that the source of the interference was “external to Google” and a spokesperson later clarified that they believe that external source was a bug, as opposed to a hijack.

But ThousandEyes, a network intelligence firm that was one of the first to investigate the outage, said the fact that some of traffic was re-routed to ISPs in China and Russia — two countries not known for their commitment to free and open internet or their abstention from malicious cyber-related activity — is still cause for concern, one that was echoed by the infosec researcher Kevin Beaumont.

What to Know About the Border Gate Protocol

In a blog post about the outage, Thousand Eyes’ Ameet Naik says the BGP represents an increasingly urgent problem that’s built into the fabric of the internet. The BGP is a largely trust-based system that connects the world’s ISPs who help one another host and disseminate traffic. These networks communicate with one another autonomously, and choose where to send information based on the route that’s supposed to be the most efficient.

But this process can be tampered with by supplying ISPs with bad IP addresses and then intercepting the information when it winds up in the wrong place. That’s how a handful of hackers were able to siphon off about $17 million in Ethereum that was held in virtual wallets by the company MyEtherWallet. As the Verge reported back in April, those hackers were able to tap into an internet exchange “in the vicinity of Chicago” and re-route MyEtherWallet’s traffic through another Russian ISP. They then used the information in that traffic to empty the pockets of some of MyEtherWallet’s customers.

Whether a bug or a hijack, Thousand Eyes thinks a similar problem caused the Google outage: Traffic shared by the Nigerian ISP and Google erroneously decided to route its way through China on its way to California. Chinese telecom China Telecom then accepted the route in another error, and, as Ars Technica explains, other ISPs followed suit, basically taking China Telecom’s word that its servers were the efficient route. This resulted in a fair bit of Google traffic being routed into China and, by extension, China’s infamous internet firewall.

Critics say that this type of hiccup rests in a fundamental problem with the BGP, which is that it’s a protocol that was developed during the early days of the internet, when information was hosted and shared by a handful of trustworthy universities and governments. Perhaps ominously, few companies have the same resources as Google to carefully encrypt their information and prevent it from being compromised in this way, one reason why BGP attacks are worth paying more attention to.

Related Tags