Internet 'hijack' sees Google traffic misdirected through China and Russia in possible war-game experiment

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Large parts of the internet went down for more than an hour on Monday after a strange incident meant web traffic intended to reach Google was rerouted through China and Russia.

The web giant said its search engine, as well as apps like Spotify that rely on its services, stopped working as a result.

Google did not reveal how many users were affected, though researchers from the network-intelligence company ThousandEyes reported instances of web traffic being redirected from the UK, France and the US.

The researchers said the misdirected traffic was of particular concern given the list of countries through which large amounts of sensitive data was passing.

The incident "put valuable Google traffic in the hands of ISPs in countries with a long history of internet surveillance," ThousandEyes researcher Ameet Naik wrote in a blog post.

The traffic misdirection, known as a border gateway protocol (BGP) hijacking, lasted for around an hour and a half on Monday evening, ending at around 10.30pm GMT.

"[It] further underscores one of the fundamental weaknesses in the fabric of the internet," Mr Naik wrote. "Even corporations like Google with massive resources at their disposal are not immune from such BGP hijacks and leaks."

ThousandEyes executive Alex Henthorn-Iwane said it was the worst incident affecting Google traffic that his firm had ever seen. He also speculated that the hijacking may have been the result of "a war-game experiment".

The incident was particularly suspicious because internet traffic was being sent to the Chinese government’s internet provider, China Telecom, which has previously been accused of improperly routing traffic through China.

A report earlier this year by researchers at the US Naval War College and Tel Aviv University found China Telecom has been hijacking internet traffic passing through the US and Canada on a regular basis.

"Conveniently, China Telecom has ten strategically placed, Chinese controlled internet ‘points of presence’4 (PoPs) across the internet backbone of North America," the report stated.

"Vast rewards can be reaped from the hijacking, diverting, and then copying of information-rich traffic going into or crossing the United States and Canada – often unnoticed and then delivered with only small delays."

A Google spokesperson told The Independent: “We’re aware that a portion of internet traffic was affected by incorrect routing of IP addresses, and access to some Google services was impacted. The root cause of the issue was external to Google and there was no compromise of Google services.”

In an update to its Google Cloud Status Dashboard, Google said it was conducting an internal investigation in the hope of making "appropriate improvements" to help prevent a future recurrence of the issue.