Some Google users this afternoon reported that services like YouTube were slow or could not be accessed. The cause of this issue was company traffic being misdirected through ISPs in China, Nigeria, and Russia. Google is investigating the issue, but commented that there is no reason to believe this was an attack, with data encrypted for security.
Reports of slowdowns and unavailability began at 1:12PM PST, according to the Google Cloud Status Dashboard that monitors uptime for the enterprise service. However, consumer apps like YouTube were also affected, with users encountering slowdowns and reliant third-party services seeing other disruptions. G Suite applications like Gmail and Google Drive were not impacted, according to another dashboard.
The incident ended over an hour later at 2:35PM, with Google at 3:01PM describing the issue as “Google Cloud IP addresses being erroneously advertised by internet service providers other than Google”.
“Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimize future recurrence.”
According to ThousandEyes, “traffic to certain Google destinations appears to be routed through an ISP in Russia & black-holed at a China Telecom gateway router.” China Telecom, Nigerian-provider MainOne, and Russian network operator TransTelekom were named by the security firm.
ThousandEyes BGP Route Visualization shows the 184.108.40.206/19 prefix being leaked into the Internet, which would cause traffic to #Google to be routed via networks in #Russia, #China and #Nigeria pic.twitter.com/q9OlHCIvNK
— ThousandEyes (@thousandeyes) November 12, 2018
Google told the Wall Street Journal that no data was compromised, with encryption preventing any exploit. Meanwhile, the company currently has no reason to believe that the incident was malicious.
Besides technical errors due to a misconfigured system, the WSJ raises the possibility that a malicious party might have tried to intercept the data.
If they have access to a large enough network operator, hackers can alter network maps stored on core internet routers through a system known as border gateway protocol, or BGP. Using BGP flaws to reroute data could let a hacker steal information, eavesdrop on traffic or send information into cyber oblivion, security researchers say.
Google is conducting an internal investigation into the incident.
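Added example, not from the original article or from Google or ThousandEyes: a small monitor for the failure described above, where a network's prefixes are advertised or carried by providers that should not have them. The ASNs, prefixes, peering policy and observations are constructed from documentation ranges, and the rule that a peer may pass routes only to its listed customers is a simplifying assumption.

```python
import ipaddress

# Constructed policy using documentation ASNs (RFC 5398) and prefixes (RFC 5737).
OWN_ASN = 64496
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/24")]
TRANSIT = {64497}                  # providers allowed to carry our routes anywhere
PEER_CUSTOMERS = {64499: {64500}}  # peers may pass our routes only to their customers

def collapse(as_path):
    """Drop AS-path prepending (consecutive repeats of the same ASN)."""
    return [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]

def classify(prefix, as_path):
    """Return a finding string for a suspicious announcement, or None."""
    net = ipaddress.ip_network(prefix)
    parents = [p for p in OWN_PREFIXES if net.version == p.version and net.subnet_of(p)]
    path = collapse(as_path)
    if not parents or not path:
        return None                                   # not our address space
    if path[-1] != OWN_ASN:
        return f"origin mismatch: {prefix} originated by AS{path[-1]}"
    if net.prefixlen > parents[0].prefixlen:
        return f"unexpected more-specific: {prefix}"
    if len(path) == 1:
        return None                                   # seen directly from us
    neighbor = path[-2]
    if neighbor in TRANSIT:
        return None
    if neighbor not in PEER_CUSTOMERS:
        return f"unknown neighbor: {prefix} via AS{neighbor}"
    if len(path) >= 3 and path[-3] not in PEER_CUSTOMERS[neighbor]:
        return f"route leak: AS{neighbor} exported {prefix} to AS{path[-3]}"
    return None

# Constructed (prefix, AS path) observations as a route collector would report
# them; each path runs from the collector's peer (left) to the origin (right).
UPDATES = [
    ("198.51.100.0/24", [64510, 64497, 64496]),                # via transit: expected
    ("198.51.100.0/24", [64500, 64499, 64496]),                # peer to its customer: expected
    ("198.51.100.0/24", [64511, 64501, 64499, 64499, 64496]),  # peer leaked it upstream
    ("203.0.113.0/25", [64497, 64496]),                        # more-specific we never announce
    ("203.0.113.0/24", [64511, 64502]),                        # someone else originates it
    ("192.0.2.0/24", [64511, 64502]),                          # not our space: ignored
]

def findings(updates=UPDATES):
    return [f for f in (classify(p, path) for p, path in updates) if f]

if __name__ == "__main__":
    print("\n".join(findings()))
```
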