In the latest in a string of Border Gateway Protocol (BGP)-based incidents, Google suffered a series of connectivity issues overnight when traffic was incorrectly routed via China Telecom.
The incident began at 21:13 UTC when a small ISP in Nigeria called MainOne Cable Company updated tables to inaccurately state that its autonomous system 37282 was the proper path to reach 212 IP prefixes belonging to Google. Minutes later China Telecom accepted the new route and announced it globally, leading a host of other service providers to follow the route.
Google said in a statement that the issue has been resolved and that the disruption had an external cause. "Google Cloud IP addresses [were] erroneously advertised by internet service providers other than Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimise future recurrence", the internet giant said. It is unclear which Google services were disrupted and how extensive the problem became.
Although the company ascribes the routing mishap to accidental rather than malicious intervention, recent reports linking China Telecom to an extensive campaign of BGP hijacking and rerouting of Western internet traffic have raised suspicions. Commentators on Twitter were quick to point to malicious intentions as the incident unfolded:
active bgp hijack of google in progress, confirmed from cogent's own LG: https://t.co/DsE2D1vSZA — Kris Slevens (@cpqNetworks) November 12, 2018
eg: IPv4 trace https://t.co/V8T63dD05v from Dallas
To China by way of TransTeleKom Moscow... Oof. #bgp #networking @briankrebs pic.twitter.com/N5zUyLcZ4w
Gavin Millard, VP of intelligence at Tenable, said: "There has been a noticeable uptick in recent years of abusing BGP through hijacking and the manipulation of where data flows, similar to the issue observed against Google. While methods to introduce a level of security into routing do exist, at the core BGP is based more on honour than strict validation of what routes are advertised.
"From a security perspective, the main concern surrounding BGP hijacking and manipulation is the possibility that data could be re-routed through a hostile network, collected for further analysis or malicious payloads like malware injected into the communication stream.
"Fortunately, there are advances in improving BGP to ensure traffic is sent via the best path rather than subverted, but these changes take time to gain broad adoption."
In recent weeks there have been several high-level papers warning of the dangers of relying on the current trust-based global internet routing system. Although attacks exploiting this trust have been possible since the early days of the internet, it seems there is growing concern that bad actors could be actively doing so.
The Internet Society published a white paper, "Routing security for policymakers", which called for action on the issue, while experts from the US Naval War College issued a paper titled "China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking".
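
One of the existing methods for validating advertised routes is RPKI route origin validation (RFC 6811), sketched below as an added example that is not part of the original article. The ROA table, prefixes (documentation ranges) and every AS number except 37282, which the article names, are constructed; the check covers only the origin AS and prefix length, so a leak that preserves the legitimate origin still passes.

```python
import ipaddress

# Constructed ROA table: (prefix, maxLength, authorized origin AS).
# AS64496 is a documentation ASN standing in for the legitimate holder.
ROAS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64496),
]

# Constructed BGP announcements: (prefix, AS path, origin AS last).
UPDATES = [
    ("192.0.2.0/24", [64500, 64496]),     # legitimate origin
    ("198.51.100.0/24", [64501, 37282]),  # wrong origin AS
    ("192.0.2.0/25", [64500, 64496]),     # more specific than maxLength
    ("203.0.113.0/24", [64500, 64499]),   # no ROA covers this prefix
]


def validate(prefix, as_path):
    """Return the RFC 6811 validation state for one announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    # A ROA "covers" the route if the announced prefix lies inside it.
    covering = [
        roa for roa in ROAS
        if roa[0].version == net.version and net.subnet_of(roa[0])
    ]
    if not covering:
        return "not-found"
    for _roa_net, max_len, asn in covering:
        # A match needs the authorized origin and a permitted prefix length.
        if asn == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid"


def apply_policy(updates):
    """Drop-invalid policy: reject 'invalid', accept 'valid' and 'not-found'."""
    accepted, rejected = [], []
    for prefix, path in updates:
        state = validate(prefix, path)
        (rejected if state == "invalid" else accepted).append((prefix, path, state))
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = apply_policy(UPDATES)
    for prefix, path, state in accepted + rejected:
        print(f"{prefix:18} origin AS{path[-1]:<6} {state}")
```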