
posted by martyb on Tuesday November 13 2018, @04:49AM
from the which-way-did-he-go? dept.

The Register reports a hack, speculated to be intentional instead of the usual finger fumble, whereby all of Google's traffic was routed for just over an hour to servers in Russia and China.

The Register story: https://www.theregister.co.uk/2018/11/13/google_russia_routing/.

It quotes this update from Google: https://status.cloud.google.com/incident/cloud-networking/18018#18018002

Excerpt from the update:

The issue with Google Cloud IP addresses being erroneously advertised by internet service providers other than Google has been resolved for all affected users as of 14:35 US/Pacific. Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimize future recurrence.

As BGP is "broken by design", i.e. assumes trust where there is no longer any, what is perhaps surprising is that it took so long to happen. Does not augur well.

So much for "the internet always routes around damage". Maybe "always" takes time to happen...

Exercise for the reader: is it possible to circumvent this effectively, and if so, how? Has my paranoia-meter misfired, and there's really nothing to worry about?


    (Score: 4, Interesting) by Hyperturtle (2824) on Tuesday November 13 2018, @04:45PM (#761364)

    "what is perhaps surprising is that it took so long to happen. Does not augur well."

    It hasn't augured well for a long time. Here's a list of previous auguration situations, from just a quick search. This is not the first time; for those not following this regularly, the list below is from some of the bigger moments in rerouting history.

    https://www.wired.com/2014/08/isp-bitcoin-theft/
    https://csecybsec.com/cse-news/experts-detailed-how-china-telecom-used-bgp-hijacking-to-redirect-traffic-worldwide/
    https://securityaffairs.co/wordpress/66838/hacking/bgp-hijacking-russia.html
    http://securityaffairs.co/wordpress/62409/hacking/google-mistakeinternet-outage-japan.html
    https://bgpmon.net/googles-services-redirected-to-romania-and-austria/
    http://germany.timesofnews.com/bgp-attacks-hijack-telegram-traffic-in-iran

    Those are not in chronological order, but this has been a problem since before Google. It's just that Google is such an attractive target...

    Within the past 5 years it's happened yearly, often to Google. Usually that 8.8.8.8 IP is redirected to some wooden shack on a remote island and then the vans drive off to the airfield and docks with their theoretical bandwidth just as the problems are resolved. It's not just limited to Google nor is it always intentional.

    Most of the abuses witnessed are due to a lack of expertise or controls at the ISP; you have to trust your peers, but you can also reject routes you don't expect from them. That can prevent a lot of damage if you only accept what you are supposed to get... it keeps clients from advertising the wrong networks, by design or by accident.

    If the redirect comes from a major player, then yes it may be infeasible to filter routes on a giant backbone; redundancy also can mean routes change between providers or links, etc. It can be done, but takes time and money. Often, small regional ISPs are to blame--they do not have time and money to trust but verify their connections and enforce policies reducing the impact of mistakes or bad intent. They just permit any any, participate in the routing exchanges and let the internet sort it out further up or down stream. Sometimes taking action accepts liability, and that is often something to avoid.

    It's also harder to defend against some issues... the bad actors are either highly motivated or state-level actors with significant backing, and small regional ISPs don't have much chance to stop anything like that even with time and money.

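The story asks whether this kind of misrouting can be countered, and Hyperturtle's comment gives the practical answer: reject routes you do not expect from a peer, and only accept what you are supposed to get. The following Python is an added illustration written for this page, not code from SoylentNews, Google or any of the linked articles. It shows the two checks an ISP's edge router applies to each received route: a per-neighbour ingress prefix list (the "only accept what you are supposed to get" filter) and origin validation against a table of who is allowed to originate a prefix. The origin-validation semantics follow RPKI ROAs as defined in RFC 6811 ("valid", "invalid", "not-found", with a maxLength), which the page itself does not name. AS15169 is Google's ASN and 8.8.8.0/24 holds 8.8.8.8; the ROA table, the neighbour ASNs (from the RFC 5398 documentation range) and the sample announcements are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


# Constructed data model for one received route; this is not a BGP UPDATE parser.
@dataclass(frozen=True)
class Announcement:
    prefix: str      # NLRI, e.g. "8.8.8.0/24"
    origin_as: int   # rightmost ASN in the AS_PATH
    from_peer: int   # ASN of the directly connected neighbour that sent it


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: origin_as may announce prefix and any
    more-specific of it up to max_length bits (RFC 6811 semantics)."""
    prefix: str
    max_length: int
    origin_as: int


def _covered(net, container):
    """True if net lies inside the container prefix (same address family)."""
    cnet = ipaddress.ip_network(container)
    return net.version == cnet.version and net.subnet_of(cnet)


def roa_validate(ann, roas):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(ann.prefix)
    covering = [r for r in roas if _covered(net, r.prefix)]
    if not covering:
        return "not-found"   # no ROA covers this space: nothing to check against
    for roa in covering:
        if roa.origin_as == ann.origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"         # wrong origin, or a more-specific beyond maxLength


def peer_filter(ann, allowed_by_peer):
    """Ingress prefix list per neighbour: accept only what the peer is expected to send.
    Each entry is a covering prefix plus 'le', the longest prefix length accepted under it."""
    net = ipaddress.ip_network(ann.prefix)
    for entry in allowed_by_peer.get(ann.from_peer, ()):
        if _covered(net, entry["prefix"]) and net.prefixlen <= entry["le"]:
            return True
    return False             # unknown neighbour or unexpected prefix: drop it


def audit(updates, roas, allowed_by_peer):
    """Apply both checks. A route is accepted only if the peer filter passes and
    origin validation is not 'invalid'; 'not-found' is accepted, as most deployments do."""
    results = []
    for ann in updates:
        status = roa_validate(ann, roas)
        passed = peer_filter(ann, allowed_by_peer)
        results.append({
            "prefix": ann.prefix, "origin_as": ann.origin_as, "from_peer": ann.from_peer,
            "rpki": status, "peer_filter": passed,
            "accepted": passed and status != "invalid",
        })
    return results


# Constructed ROA table: AS15169 (Google) for 8.8.8.0/24, a documentation-range customer for 192.0.2.0/24.
ROAS = [
    Roa("8.8.8.0/24", 24, 15169),
    Roa("192.0.2.0/24", 25, 64496),
]

# Constructed per-neighbour policy: the transit may send a full table but nothing
# longer than /24; the small customer may only send its own block (and /25s of it).
ALLOWED_BY_PEER = {
    64499: [{"prefix": "0.0.0.0/0", "le": 24}],
    64497: [{"prefix": "192.0.2.0/24", "le": 25}],
}

# Constructed sample updates covering the shapes seen in the incidents listed above.
SAMPLE_UPDATES = [
    Announcement("8.8.8.0/24", 15169, 64499),       # genuine route learned via transit
    Announcement("8.8.8.0/24", 64496, 64497),       # origin hijack leaked by a small customer peer
    Announcement("8.8.8.0/25", 15169, 64499),       # more-specific hijack with a spoofed correct origin
    Announcement("198.51.100.0/24", 64497, 64497),  # customer announcing space it does not hold
    Announcement("192.0.2.0/25", 64496, 64497),     # legitimate more-specific within maxLength
]

if __name__ == "__main__":
    for row in audit(SAMPLE_UPDATES, ROAS, ALLOWED_BY_PEER):
        print(row)
```

Running it shows that only the first and last announcements survive. The two 8.8.8.0 hijack shapes are caught by different checks: the wrong-origin leak fails both the customer's prefix list and origin validation, while the /25 with a spoofed correct origin is stopped only because the ROA's maxLength and the transit's "le 24" limit refuse the more-specific. That is the point of the comment above: a small ISP that "permits any any" from its customers accepts all five.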