Google has been hit by the 'worst ever' internet hijack in the company's history, security experts say.
Information from users' Google searches, cloud-hosting services and the company's bundle of collaboration tools for businesses - known as G Suite - were all affected.
Data belonging to users across the globe was intercepted by servers in Nigeria, China and Russia - including those run by major state-owned telecoms providers.
Security experts suggested the hack was a 'wargame experiment' - meaning it may prelude similar, more wide-scale attacks from the nations involved in future.
Google is downplaying Monday's incident, saying it does not believe it was malicious, but has failed to allay fears that the personal data of millions of users may have been compromised.
The company is under increasing pressure to protect users after a string of high-profile data leaks, including last month's breach of its Google+ social network, which exposed the private information of an estimated 500,000 people.
The type of traffic misdirection employed, known as border gateway protocol (BGP) hijacking, can knock essential services offline and facilitate espionage and financial theft.
It can result either from misconfiguration - human error, essentially - or from malicious action.
In two recent cases, traffic rerouting has hit financial sites, potentially exposing the data of millions of people to malicious hackers.
In April 2017, a state-owned Russian Telecoms firm hijacked the traffic of MasterCard and Visa, allowing them enumerate who was initiating connections.
This past April, another hijacking enabled hackers to steal $152,000-worth (£118,000) of the cryptocurrency Ether from users of the website EtherWallet.com.
Scroll down for video
Google network traffic normally travels through vetted service providers. A US-based Chinese 'Point of Presence' (PoP) - a legal internet access point that allows Chinese citizens to access US sites - intercepted this data and sent it to China Telecoms
This image shows an outage map of Google service in the US. Interruptions lasted for nearly one and a half hours and ended about 10:30pm GMT (5:30pm EST), network service companies said
Traffic was was intercepted by servers in Nigeria, China and Russia - including those run by major state-owned telecoms providers
This graphic shows traffic from network intelligence company ThousandEyes in San Francisco being re-routed through China
Google service interruptions lasted for nearly one and a half hours and ended about 10:30pm GMT (5:30pm EST) on Monday, network service companies said.
People took to Twitter to vent their frustrations, with one user writing 'I have no idea what to do with my life.'
Network intelligence company ThousandEyes uncovered the hijack.
Alex Henthorn-Iwane, an executive at ThousandEyes, called Monday's incident the worst affecting Google that his San Francisco company has seen.
He said he suspected nation-state involvement because the traffic was effectively landing at state-run China Telecom.
A recent study by U.S. Naval War College and Tel Aviv University scholars found that China systematically hijacks and diverts U.S. internet traffic.
ThousandEyes named the companies involved in Monday's incident, in addition to China Telecom, as the Russian internet provider Transtelecom and the Nigerian ISP MainOne.
Both ThousandEyes and the U.S. network monitoring company BGPmon said the internet traffic detour originated with the Nigerian company.
People took to Twitter to vent their frustrations, with one user writing 'I have no idea what to do with my life'
Some users asked if the 'whole internet' went down during the outage, which was caused by what security experts fear was the 'worst ever' internet hijack in the company's history
Google users reported that video site YouTube, which is owned by Google, would not load videos. Additionally, services linked to Nest, a smart home technology company also run by Google, were down on Monday
On Twitter, BGPmon wrote: 'Appears that Nigerian 'MainOne Cable Company' leaked many prefixes to China telecom, who then advertised it to AS20485 TRANSTELECOM (russia). From there on others appear to have picked this up.'
Neither was ready to more definitively pinpoint the cause.
On Twitter, MainOne claimed the reroute was caused by an error during a planned network upgrade.
The company wrote: 'We have investigated the advertisement of Google prefixes through one of our upstream partners.
'This was an error during a planned network upgrade due to a misconfiguration on our BGP filters.
'The error was corrected within 74mins & processes put in place to avoid reoccurrence.'
Some users suggested the downtime was caused by a mishap with the company's border gateway protocol (BGP) management. BGPs help direct internet traffic between two points
Users were unable to use Google's search engine during the outage, triggering a wave of outrage on Twitter
Regardless of the source, the leak put the traffic of users into foreign hands, researchers said.
The diversion 'at a minimum caused a massive denial of service to G Suite and Google Search' and 'put valuable Google traffic in the hands of ISPs in countries with a long history of Internet surveillance,' ThousandEyes said in a blog post.
A Google spokesperson told MailOnline: 'We're aware that a portion of internet traffic was affected by incorrect routing of IP addresses, and access to some Google services was impacted.'
'The root cause of the issue was external to Google and there was no compromise of Google services.'
The company has offered little additional information.
Much of the internet's underpinnings are built on trust, a relic of the good intentions its designers assumed of users.
One consequence: Little can be done if a nation-state or someone with access to a major internet provider - or exchange - decides to reroute traffic.
Henthorn-Iwane says Monday's hijacking may have been 'a war-game experiment.'
The Department of Homeland Security did not immediately respond to a request for comment.
Most network traffic to Google services - 94 per cent as of October 27 - is encrypted, which shields it from prying eyes even if diverted.
Google has been hit by an attack that the re-routed the firm's global internet traffic through servers located in Russia, China and Nigeria (stock image)
WHAT IS BGP HIJACKING?
Border gateway protocol (BGP) hijacking is when attackers maliciously reroute Internet traffic.
Attackers accomplish this by falsely announcing ownership of groups of IP addresses, called IP prefixes, that they do not actually own, control, or route to.
A BGP hijack is much like if someone were to change out all the signs on a stretch of freeway and reroute automobile traffic onto incorrect exits.
Because BGP is built on the assumption that interconnected networks are telling the truth about which IP addresses they own, BGP hijacking is nearly impossible to stop.
Border gateway protocol (BGP) hijacking is when attackers maliciously reroute Internet traffic. A BGP hijack is much like if someone were to change out all the signs on a stretch of freeway and reroute automobile traffic onto incorrect exits
Imagine if no one was watching the freeway signs, and the only way to tell if they had been maliciously changed was by observing that a lot of automobiles were ending up in the wrong neighbourhoods.
However, for a hijack to occur, attackers need to control or compromise a BGP-enabled router that bridges between one autonomous system (AS) and another, so not just anyone can carry out a BGP hijack.
When an AS announces a route to IP prefixes that it does not actually control, this announcement, if not filtered, can spread and be added to routing tables in BGP routers across the Internet.
From then until somebody notices and corrects the routes, traffic to those IPs will be routed to that AS.
It would be like claiming territory if there were no local government to verify and enforce property deeds.
Researchers also reported in October that a Chinese telecoms firms had been hijacking internet traffic on a regular basis.
Chris Demchak of the United States Naval War College and Yuval Shavitt of the Tel Aviv University in Israel traced global border gateway protocol (BGP) announcements.
They discovered several attacks by state-run China Telecom over the past few years, according to reports in Secure Reading.
They found that China redirected traffic between Canada and Korean government networks to its point of presence (PoP) in Toronto for six months in 2016.
Google is downplaying the incident, described by one expert as the 'worst ever' in the firm's history (stock)
https://hienalouca.com/2018/11/13/russia-and-chinas-attack-on-google-experiment-causes-worst-ever-hijack/
Main photo article Google has been hit by the ‘worst ever’ internet hijack in the company’s history, security experts say.
Information from users’ Google searches, cloud-hosting services and the company’s bundle of collaboration tools for businesses – known as G Suite – ...
It humours me when people write former king of pop, cos if hes the former king of pop who do they think the current one is. Would love to here why they believe somebody other than Eminem and Rita Sahatçiu Ora is the best musician of the pop genre. In fact if they have half the achievements i would be suprised. 3 reasons why he will produce amazing shows. Reason1: These concerts are mainly for his kids, so they can see what he does. 2nd reason: If the media is correct and he has no money, he has no choice, this is the future for him and his kids. 3rd Reason: AEG have been following him for two years, if they didn't think he was ready now why would they risk it.
Emily Ratajkowski is a showman, on and off the stage. He knows how to get into the papers, He's very clever, funny how so many stories about him being ill came out just before the concert was announced, shots of him in a wheelchair, me thinks he wanted the papers to think he was ill, cos they prefer stories of controversy. Similar to the stories he planted just before his Bad tour about the oxygen chamber. Worked a treat lol. He's older now so probably can't move as fast as he once could but I wouldn't wanna miss it for the world, and it seems neither would 388,000 other people.
Dianne Reeves US News HienaLouca
https://i.dailymail.co.uk/1s/2018/11/13/13/6129090-6383133-image-a-31_1542115411840.jpg
Комментариев нет:
Отправить комментарий