Google Suffered a Brief Outage on Monday Which Pushed Some of Its Traffic Through Russia, China and Nigeria; Company Says It Will Do an Investigation

Google suffered a brief outage and slowdown Monday, with some of its traffic getting rerouted through networks in Russia, China and Nigeria. From a report: Incorrect routing instructions sent some of the search giant's traffic to Russian network operator TransTelekom, China Telecom (which, as you may recall, has been found of misdirecting internet traffic in recent months) and Nigerian provider MainOne between 1:00 p.m. and 2:23 p.m. PT, according to internet research group ThousandEyes. "This incident at a minimum caused a massive denial of service to G Suite and Google Search," wrote Ameet Naik, ThousandEyes' technical marketing manager, in a blog post. "However, this also put valuable Google traffic in the hands of ISPs in countries with a long history of Internet surveillance. Applications like Gmail and Google Drive don't appear to have been affected, but YouTube users experienced some slowdown. Google noted that the issue was resolved and said it would conduct an internal investigation. Update: Nigeria's Main One Cable Co has taken responsibility for the glitch.

Re:

[godel_56]

North Korea doesn't do mail order brides.

I'm sure they would if there was enough money in it. They already do large scale drug dealing and money counterfeiting.

Re:

[hierofalcon]

Bandwidth problems would have made the problem obvious much too quickly.

Re:

[neilo_1701D]

This is just another in a long string of reasons to slowly back away from google.

Agreed... but to where? Bing search results have become dramatically worse in recent weeks. Yahoo... well, it uses Bing, so say no more. Duck Duck Go? Last time I used it, the results were all over the place.

Re:

[alvinrod]

I've started to wonder how useful search engines are anymore since it seems like I invariably end up in the same place 95% of the time. What I probably want most of the time for general knowledge is the Wikipedia article, if it's programming related it's likely to be on Stack Overflow, and for video content I may as well just go straight to YouTube (technically Google anyways, but that's a different argument), and there are a small number of other websites that I frequently end up on after searching for som

Re: Just another reason

[reanjr]

Search engines are super convenient for web developers. Much rather rely on Google to handle that for me than write my own (shitty) site search.

Re:

[fustakrakich]

but to where?

Yacy [yacy.net]. If more people use it, it can only get better. And it's very resistant to censorship.

What are you on about

[drinkypoo]

This is just another in a long string of reasons to slowly back away from google.

If you think this is a google-only problem, you should have your posting rights taken away immediately. This isn't just happening to Google, it's happening to just about everyone. If your traffic isn't encrypted, then this is a great reason to slowly back away from you.

difference is Google catches it, other sites don't

[raymorris]

The difference being that other sites don't KNOW when their traffic is being routed through Russia. Google knows, and with certificate pinning and other safeguards, the site just ends up being down rather than having surveillance actually work like it does for other sites.

Re:

[BringsApples]

Google's traffic is encrypted, but what does that matter if it's routed incorrectly? AFAIK, encryption is only a means to detour an attack. However if the stream of data is captured, it can be hacked at until the encryption is solved.

Besides the obvious implications involved with the above, there is also the possibility (get your conspiracy-theorist-bashing-vocabulary prepared) that these things (re-routed to the bad-guy countries) happen by design, in order to blame some out-of-reach entity for whatev

Re:

[Known Nutter]

How long do you believe it takes to crack a proper implementation of AES-256?

Re:

[BringsApples]

Dunno, but certainly finite.

Re:

[steveb3210]

Intractably finite...

Re:

[BringsApples]

To be fair...

Fifty supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10-to-the-power-of-51 years to exhaust the 256-bit key space.

The thing to point out there is that exhausting the entire 256-bit key space is one way to skin a cat.

Cloud Services

[StormReaver]

But sure, by all means, put your important information on someone else's servers you have no control over. What could possibly go wrong? Oh, right, all of your important information could be shunted off to your competitors. But that's not a big deal, right?

This is an I.Q. test masquerading as a technical issue.

Re:Cloud Services

[bill_mcgonigle]

Oh, right, all of your important information could be shunted off to your competitors. But that's not a big deal, right?

Look, I help people set up private servers to keep their data out of "the Cloud" but you can't be wrong about the arguments.

Event IF this were a BGP hijack rather than a misconfiguration error and even IF they had minted Google.com certs trusted by the default root stores, Chrome would have picked up the pinned-certificate fingerprint mismatches and refused to connect. Everything in Google's suite happens over TLS.

Yes, this would cause an outage, which costs time and money, but your information does not wind up in the hands of your competitors.

Make technically valid business arguments - don't spout crazy conspiracy theories.

Re:

[StormReaver]

Event IF this were a BGP hijack rather than a misconfiguration error and even IF they had minted Google.com certs trusted by the default root stores...

And IF Cloud Computer equaled Google, you would have at least a semi-reasonable argument. But this ISN'T just about Google, and you're definitely missing the bigger picture. This is about the very nature of trusting some untrustworthy third party data sieve (be it Google, Microsoft, Amazon, etc.) to go against its own nature and keep your secrets secret. This particular failure is simply an indicator of what HAS happened, what IS happening, and what WILL happen to people stupid enough to trust their data

Re:

[bill_mcgonigle]

You seriously can't discuss the different risks of cloud computing separately? That's why you sound like a conspiracy theorist and not an engineer.

Of course Google is putting your data at risk - that's not relevant to a BGP hijack - it's a separate issue.

Of course Google's owning Chrome is a special case - that's the case we're discussing here. To try to generalize it to a huge catastrophe is just soapboxing and not useful. Everybody here already knows about those risks - this isn't USA Today.

Re:

[Tablizer]

He described himself, actually.

Anyhow, it seems too easy to blame Nigeria. Most "Nigerian Princes" were not sending email from Nigeria even. They've been unfairly memeitized. Or is it "memeificated"?

This affected me in Canada

[Anonymous Coward]

All my smart home devices stopped working for up to an hour on Sunday. I got a panicked phone call from my grandma who couldn't turn off her lights.

I setup my devices on a restricted wifi network because of this kind of stuff. I don't have access to the device to see what it is connecting to, and now we find out it was also routed through potentially malicious nations.

Re:This affected me in Canada

[Fly Swatter]

There is a lesson to be learned in here somewhere, both for you and for grandma.

Proof

[geekymachoman]

Finally proof those pesky Russians are hacking the America and it's freedom.
Chinese ? Well... they all the same kind.

As if we here do not do the same...

[bogaboga]

...However, this also put valuable Google traffic in the hands of ISPs in countries with a long history of Internet surveillance...

The subtext here is that the USA does not [*cough*] [*cough*], have government funded agencies doing the same. The other day, some government agency was found to be spying on Americans, even when congress [limited] its ability to.

So the summary should have been phrased this way:

..."However, this also put valuable Google traffic in the hands of ISPs and agencies in countries which like the USA, have a long history of Internet surveillance. (Bold mine.).

Re:

[theurge14]

Kindly point out any articles about a US government agency hijacking BGP routes.

Otherwise, save the whataboutism thanks.

Re:

[Anonymous Coward]

See telco tap points articles of many years ago.

US government doesn't have to play stupid BGP tricks because the traffic is already traversing links they have 100% access to.

Re:

[spacepimp]

No one is claiming we don't do this.... In this case the NSA seems like it would enjoy the ability to capture this data in whole. There is no incentive for them to stop this from occurring because now they can legally siphon it up as foreign data and spy on US citizens with hat they claim is less Constitutional rights abusive. In fact there is no evidence that this isn't being encouraged.

Re:

[Anonymous Coward]

Remind me, which president passed the patriot act? And which president wanted to "close parts of the Internet"? If you think this is a Democrat thing then you really haven't been paying attention.

Re:

[sabri]

It is time to replace BGP

Surely, we can use EIGRP for the interwebs.

You, sir, need to go see the network doctor for a good paddling with the cluebat.

Surely all encrypted?

[SmilingBoy]

All traffic between browser and Google is encrypted. I don't see a real security risk here.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:pot calling kettle...kettle come in

[drinkypoo]

AT&T maintains an entire room in one of their san francisco datacenters that does nothing but explicitly snoop traffic for the government.

In fact, only one telecom CEO in America refused to install the feds' equipment where it could be used to spy on Americans. Never Forget [wikipedia.org].

Re:

[fustakrakich]

In fact, only one telecom CEO in America refused to install the feds' equipment where it could be used to spy on Americans.

Independently verified? Or are we supposed to take them at their word?

Re:

[spacepimp]

it is well documented. His legal court case was quite revealing.

Re:

[spacepimp]

I believe you are incorrect. the room that you are discussing is one of many (there are similar ones in NYC) and the intent is to duplicate all data (PRISM) into a separate pipeline for "collection" in bulk.

Just as planned

[thunderclees]

Admittedly a large piece of supposition but how hard would it really be for the PRC and the rest of the usual suspects to convince Google and others to have accidents like this. Google, really, really wants to make RB off of Chinese users and so what if the CPC wanted data in return?

Poor headline

[Dan East]

The headline makes it sound like Google had a brief outage and that caused some traffic to be routed through Russia and China. What actually happened is Some Google Traffic Routed Through Russia and China Causing Brief Outage.

But since we're all used to awful headlines here at Slashdot, and we know we can't expect much better from the original source cnet, that's perfectly fine.

Effective but not elegant

[eastjesus]

I noticed Google down just as it started and when I checked I found that Spectrum (which still uses rr.com for naming) was sending all Google bound traffic to Tata communications (an Indian Company) which sent it over to Europe on its circuits then Transtelecom in South Africa,which moved it to Chinanet. Traceroute excerpt: 10 0.ae2.pr1.dfw10.tbone.rr.com (107.14.17.236) 66.274 ms 0.ae0.pr1.dfw10.tbone.rr.com (107.14.17.232) 68.537 ms 0.ae4.pr1.dfw10.tbone.rr.com (107.14.19.97) 69.705 ms 11 ix-ae-23-0.tcore2.dt8-dallas.as6453.net (66.110.57.97) 70.130 ms 71.137 ms 70.498 ms 12 if-ae-2-2.tcore1.dt8-dallas.as6453.net (66.110.56.5) 205.871 ms 205.041 ms 207.009 ms 13 if-ae-37-3.tcore1.aeq-ashburn.as6453.net (66.198.154.68) 208.978 ms 207.757 ms 212.871 ms 14 if-ae-2-2.tcore2.aeq-ashburn.as6453.net (216.6.87.1) 211.628 ms 212.403 ms 241.799 ms 15 if-ae-12-2.tcore4.njy-newark.as6453.net (216.6.87.43) 203.197 ms 204.385 ms if-ae-12-2.tcore4.njy-newark.as6453.net (216.6.87.223) 238.450 ms 16 if-ae-1-3.tcore3.njy-newark.as6453.net (216.6.57.5) 234.408 ms 235.627 ms 235.190 ms 17 if-ae-15-2.tcore1.l78-london.as6453.net (80.231.130.25) 239.527 ms 239.084 ms 240.261 ms 18 if-ae-2-2.tcore2.l78-london.as6453.net (80.231.131.1) 240.647 ms 241.425 ms 241.816 ms 19 if-ae-14-2.tcore2.av2-amsterdam.as6453.net (80.231.131.161) 246.783 ms 247.567 ms 246.319 ms 20 if-ae-2-2.tcore1.av2-amsterdam.as6453.net (195.219.194.5) 248.282 ms 167.135 ms 192.261 ms 21 if-ae-6-2.tcore1.fnm-frankfurt.as6453.net (195.219.194.150) 193.772 ms 197.050 ms 200.104 ms 22 195.219.156.146 (195.219.156.146) 213.840 ms 213.268 ms 219.112 ms 23 mskn17ra-lo1.transtelecom.net (217.150.55.21) 271.186 ms 266.862 ms 267.265 ms 24 * * ChinaTelecom-gw.transtelecom.net (217.150.59.249) 280.990 ms 25 * * * 26 * * * 27 * * * 28 * * 154.72.45.166 (154.72.45.166) 466.625 ms There was a period in the middle of that time that Google appeared to be working but traceroute showed everything passing through chinanet and then on to Google, just long latency, but they couldn't keep it up and Google kept going down. There is another article about it at: https://www.dailymail.co.uk/ne... [dailymail.co.uk] Sorry about the formatting but the /. editor is not accepting my line breaks. Figured the traceroute might be interesting to some even if it looks ugly.

Re:

[Anonymous Coward]

I noticed Google down just as it started and when I checked I found that Spectrum (which still uses rr.com for naming) was sending all Google bound traffic to Tata communications (an Indian Company) which sent it over to Europe on its circuits then Transtelecom in South Africa,which moved it to Chinanet.

Traceroute excerpt:
100.ae2.pr1.dfw10.tbone.rr.com (107.14.17.236) 66.274 ms
0.ae0.pr1.dfw10.tbone.rr.com (107.14.17.232) 68.537 ms
0.ae4.pr1.dfw10.tbone.rr.com (107.14.19.97) 69.705 ms
11 ix-ae-23-0.tcore2.dt8-dallas.as6453.net (66.110.57.97) 70.130 ms 71.137 ms 70.498 ms
12 if-ae-2-2.tcore1.dt8-dallas.as6453.net (66.110.56.5) 205.871 ms 205.041 ms 207.009 ms
13 if-ae-37-3.tcore1.aeq-ashburn.as6453.net (66.198.154.68) 208.978 ms 207.757 ms 212.871 ms
14 if-ae-2-2.tcore2.aeq-ashburn.as6453.net (216.6.87.1) 211.628 ms 212.403 ms 241.799 ms
15 if-ae-12-2.tcore4.njy-newark.as6453.net (216.6.87.43) 203.197 ms 204.385 ms
if-ae-12-2.tcore4.njy-newark.as6453.net (216.6.87.223) 238.450 ms
16 if-ae-1-3.tcore3.njy-newark.as6453.net (216.6.57.5) 234.408 ms 235.627 ms 235.190 ms
17 if-ae-15-2.tcore1.l78-london.as6453.net (80.231.130.25) 239.527 ms 239.084 ms 240.261 ms
18 if-ae-2-2.tcore2.l78-london.as6453.net (80.231.131.1) 240.647 ms 241.425 ms 241.816 ms
19 if-ae-14-2.tcore2.av2-amsterdam.as6453.net (80.231.131.161) 246.783 ms 247.567 ms 246.319 ms
20 if-ae-2-2.tcore1.av2-amsterdam.as6453.net (195.219.194.5) 248.282 ms 167.135 ms 192.261 ms
21 if-ae-6-2.tcore1.fnm-frankfurt.as6453.net (195.219.194.150) 193.772 ms 197.050 ms 200.104 ms
22 195.219.156.146 (195.219.156.146) 213.840 ms 213.268 ms 219.112 ms
23 mskn17ra-lo1.transtelecom.net (217.150.55.21) 271.186 ms 266.862 ms 267.265 ms
24 * * ChinaTelecom-gw.transtelecom.net (217.150.59.249) 280.990 ms
25 * * *
26 * * *
27 * * *
28 * * 154.72.45.166 (154.72.45.166) 466.625 ms

There was a period in the middle of that time that Google appeared to be working but traceroute showed everything passing through chinanet and then on to Google, just long latency, but they couldn't keep it up and Google kept going down. There is another article about it at: https://www.dailymail.co.uk/ne [dailymail.co.uk]... [dailymail.co.uk] Sorry about the formatting but the /. editor is not accepting my line breaks. Figured the traceroute might be interesting to some even if it looks ugly.

FTFY. I guess slashcode doesn't like large blocks of text with loads of carriage returns. Prevents trolls?

Re:

[account_deleted]

Comment removed based on user account deletion

The Not-So-Secret Snoop Room

[eastjesus]

There have been a number of comments here about the "secret" secure room in San Francisco where Internet traffic is snooped. When General Alexander was head of the NSA (where he built a replica of the Star Trek bridge [dailymail.co.uk] with taxpayer money for his commmand) he issued the directive to "Collect it all!"

The "room" was in AT&T's facility, not Google's, and tapped a major Internet backbone link. It's been known and documented for years. See the deposition of Mark Klein [eastjesus.net] dated June 8, 2006, formerly of AT