Google traffic hijacked via tiny Nigerian ISP
A large chunk of the hijacked traffic passed through the network of a controversial Chinese state-owned telecom provider that was previously accused of intentionally misdirecting internet traffic. A tiny Nigerian ISP has hijacked internet traffic meant for Google’s data centers. The incident, called a BGP hijack, occurred yesterday, on November 12, between 13:12 and 14:35, Pacific time, according to Google.
The incident was first detected and reported by BGPmon, an online service that monitors the routes that internet traffic takes through the smaller internet service provider (ISP) networks that make up the larger internet. According to BGPmon, the incident was caused by a small Nigerian ISP named MainOne Cable Company (AS37282), which announced to nearby ISPs that it was hosting IP addresses that were normally assigned to Google’s data center network. BGPmon says the Nigerian ISP incorrectly announced it was hosting 212 Google network prefixes in five different waves, for a total of 74 minutes.
This bad routing announcement leaked downstream to other ISPs, causing more and more nearby providers to send Google-intended traffic to MainOne’s network, instead of the normal BGP routes. According to experts from ThousandEyes, a cloud security company, the path that this traffic took most often was one via TransTelecom (AS 20485) in Russia and China Telecom (AS 4809) in China. Whatever traffic ended up reaching the small Nigerian ISP, was later dropped, resulting in zero Google connectivity for impacted users.