How the Internet Got Hijacked – For a While

May 3, 2019

A measly Nigerian ISP has hijacked internet traffic meant for Google’s data centers. The incident, called a BGP hijack, occurred last November 12, between 13:12 and 14:35, Pacific Time, according to Google.


The incident was first detected and reported by an online service that monitors the routes that internet traffic takes through the smaller internet service provider (ISP) networks that make up the larger internet.


The incident was caused by a small Nigerian ISP named MainOne Cable Company (AS37282), which announced to nearby ISPs that it was hosting IP addresses that were normally assigned to Google’s data center network. The Nigerian ISP incorrectly announced it was hosting 212 Google network prefixes in five different waves, for a total of 74 minutes.


This bad routing announcement leaked downstream to other ISPs, causing more and more nearby providers to send Google-intended traffic to MainOne’s network, instead of the normal BGP routes.


According to network security experts from a cloud security company, the path that this traffic took most often was one via TransTelecom (AS 20485) in Russia and China Telecom (AS 4809) in China.


They noticed that this leak was primarily propagated by business-grade transit providers and did not impact consumer ISP networks as much. All the traffic slammed into the Great Firewall, terminating at a China Telecom edge router. Whatever traffic ended up reaching the small Nigerian ISP was later dropped, resulting in zero Google connectivity for impacted users.


The incident caused quite a stir online, especially among networking and cyber-security experts.

BGP hijacks are considered highly dangerous, as they allow the unauthorized network through which the traffic passes to intercept, analyze, and log sensitive traffic that could be decrypted at a later date.


This temporary redirection of Google traffic is just another incident in a long list of BGP hijack incidents, which have been a major problem since the 1990s.


Whether the traffic “misdirection” by the Nigerian ISP was intentional or accidental, the problem still lies with BGP itself, a protocol developed in the 1980s that has no security features and is still used today to interconnect ISP networks and relay internet traffic.
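Because BGP does not check that the AS originating a prefix is entitled to it, route monitors and operators add that check from outside. The following is an added example, not part of the original article: RFC 6811-style route origin validation run over constructed announcements. The prefixes are documentation ranges, AS64496 and AS64500 are documentation ASNs, and AS15169 as Google's origin AS is an assumption not stated in the article.

```python
import ipaddress

# Constructed ROA-like table: (prefix, max_length, authorized origin AS).
# Prefixes are documentation ranges standing in for real ones;
# AS15169 as Google's origin AS is an assumption, not stated in the article.
ROAS = [
    ("192.0.2.0/24", 24, 15169),
    ("198.51.100.0/24", 24, 15169),
    ("2001:db8::/32", 48, 15169),
]

def validate(prefix, as_path, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the last hop in the AS path
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # Skip entries of the other address family or that do not cover the route.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if origin == roa_as and net.prefixlen <= max_len:
            return "valid"
    # Covered by an entry but no entry matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"

# Constructed announcements as a route monitor might see them.
UPDATES = [
    ("192.0.2.0/24", [64496, 15169]),         # expected origin
    ("192.0.2.0/24", [4809, 20485, 37282]),   # origin is the AS named in the article
    ("198.51.100.0/25", [64496, 15169]),      # right origin, longer than max_length
    ("2001:db8:1::/48", [64496, 15169]),      # more specific, within max_length
    ("203.0.113.0/24", [64496, 64500]),       # no covering entry
]

def flag_hijacks(updates=UPDATES):
    """Return (prefix, origin AS) for each announcement that fails validation."""
    return [(p, path[-1]) for p, path in updates if validate(p, path) == "invalid"]

if __name__ == "__main__":
    for prefix, path in UPDATES:
        print(f"{prefix:18} origin AS{path[-1]:<6} {validate(prefix, path)}")
```

A "not-found" result is not evidence of a hijack; it only means no entry covers the prefix, which is why coverage of the table matters as much as the check itself.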


In a statement, MainOne said: “We have investigated the advertisement of Google prefixes through one of our upstream partners. This was an error during a planned network upgrade due to a misconfiguration on our BGP filters. The error was corrected within 74mins & processes put in place to avoid reoccurrence.”

