12 November 2018
An internet diversion which rerouted data traffic through Russia and China led to the disruption of several Google services on Monday. Google’s search and cloud-hosting services were affected for 2 hours as a consequence.
The disruption lasted for nearly two hours and ended about 5:30 pm EST (4 am IST), the company stated. Apart from this, a Nigerian internet provider was also involved in the disruption.
Google confirmed Monday's disruption via a network status page but added that it believed the cause was "external to Google."
The specific method used was called border gateway protocol hijacking and is known to knock essential services offline and facilitate espionage as well as financial theft. Google’s network traffic is encrypted which protects it from prying eyes even if diverted.
Alex Henthorn-Iwane who works with network-intelligence company ThousandEyes stated that the incident was the worst affecting Google till now.
He said he suspected nation-state involvement because the traffic was effectively landing at state-run China Telecom. A recent study by US Naval War College and Tel Aviv University scholars says China systematically hijacks and diverts US internet traffic. Henthorn-Iwane stated that the hijacking may have been "a war-game experiment."
There have been two recent cases where such rerouting has affected financial sites. In April 2017, one such rerouting had affected Mastercard and Visa among other sites. In April 2018, another hijacking enabled cryptocurrency theft. The US Department of Homeland Security has not responded to a request for comment.
ThousandEyes named China Telecom, Russian internet provider Transtelecom and the Nigerian ISP MainOne as the companies involved in the incident.