Google BGP hijack: A tiny Nigerian internet service provider captured the traffic meant for Google's data centers. The incident, a BGP hijack, occurred yesterday, 12 November, between 13:12 and 14:35 Pacific Time, according to Google.
The incident was first identified and reported by BGPmon, an online service that monitors traffic routes through the largest Internet ISPs.
According to BGPmon, the incident was caused by a small Nigerian ISP, MainOne Cable Company (AS37282), which announced to neighboring providers that it was hosting IP addresses that normally belong to Google's data center network.
BGPmon reports that the Nigerian ISP "accidentally" announced that it was hosting 212 Google network prefixes, in five separate waves, for a total of 74 minutes.
The routing announcement leaked to other internet service providers, leading more and more of them to send Google-bound traffic over the MainOne network instead of the regular BGP routes.
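One way a route monitor can flag announcements like the ones described above, as an added example that is not from BGPmon or the original article. It assumes AS15169 as Google's origin AS (not stated in the article) and uses constructed prefixes, neighbour ASNs and updates; it also goes one step further than a pure origin check by flagging a correct origin reached through an unexpected neighbour.

```python
import ipaddress

# Constructed baseline: monitored prefix -> (authorised origin ASNs, expected
# neighbour ASNs next to the origin). RFC 5737 documentation prefixes and
# RFC 5398 documentation ASNs (645xx) stand in for real ones.
BASELINE = {
    ipaddress.ip_network("192.0.2.0/24"): ({15169}, {64500, 64501}),
    ipaddress.ip_network("198.51.100.0/24"): ({15169}, {64500}),
}

def covering_prefix(prefix):
    """Return the monitored prefix equal to or covering `prefix`, else None."""
    net = ipaddress.ip_network(prefix)
    for monitored in BASELINE:
        if net.version == monitored.version and net.subnet_of(monitored):
            return monitored
    return None

def classify(prefix, as_path):
    """Classify one announcement; as_path is a non-empty ASN list, origin last."""
    monitored = covering_prefix(prefix)
    if monitored is None:
        return "unmonitored"
    origins, neighbours = BASELINE[monitored]
    # Collapse AS-path prepending (repeated ASNs) before inspecting the path.
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    if path[-1] not in origins:
        return "origin_mismatch"        # another AS claims to host the prefix
    if len(path) > 1 and path[-2] not in neighbours:
        return "unexpected_upstream"    # right origin, leaked via an odd neighbour
    return "ok"

# Constructed sample updates: (prefix, AS path as seen by a collector).
UPDATES = [
    ("192.0.2.0/24", [64510, 64500, 15169]),             # normal route
    ("192.0.2.0/24", [64511, 37282]),                    # AS37282 as origin
    ("192.0.2.128/25", [64511, 37282]),                  # more-specific prefix
    ("198.51.100.0/24", [64511, 37282, 15169, 15169]),   # leak with prepending
    ("203.0.113.0/24", [64511, 37282]),                  # not a monitored prefix
]

def alerts(updates):
    """Return (prefix, path, verdict) for every suspicious monitored update."""
    checked = [(p, path, classify(p, path)) for p, path in updates]
    return [c for c in checked if c[2] not in ("ok", "unmonitored")]

if __name__ == "__main__":
    for prefix, path, verdict in alerts(UPDATES):
        print(f"{verdict}: {prefix} via {' '.join(map(str, path))}")
```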
According to experts from ThousandEyes:
"We noticed that this leak was mainly driven by transit providers and did not affect consumers' ISPs," said Ameet Naik, director of ThousandEyes.
"All the traffic hit the Great Firewall, shutting down China Telecom router," Naik added.
So whatever traffic reached the Nigerian company was later dropped, leaving users unable to connect to Google networks.
The incident has naturally caused great concern online, especially among cyber security and networking experts.
BGP hijacks are considered extremely dangerous as they allow unauthorized networks to monitor, analyze, and record sensitive information that could later be decrypted.
We do not know whether the "bad" traffic redirection through the Nigerian company was intentional or accidental, but the underlying problem lies in BGP itself, a protocol developed in the 1980s that has no security features and is still used today to interconnect ISP networks.