Internet traffic hijack disrupts Google services

In this Monday, Nov. 5, 2018, photo, a woman carries a fire extinguisher past the logo for Google at the China International Import Expo in Shanghai. Internet traffic hijacking disrupted several Google services Monday, Nov. 12, 2018, including search and cloud-hosting services. (AP)
Updated 13 November 2018
0

Internet traffic hijack disrupts Google services

  • Google confirmed Monday’s disruption on a network status page but said only that it believed the cause was “external to Google”

CALIFORNIA: An Internet diversion that rerouted data traffic through Russia and China disrupted several Google services on Monday, including search and cloud-hosting services.
Service interruptions lasted for nearly two hours and ended about 5:30 p.m. EST., network service companies said. In addition to Russian and Chinese telecommunications companies, a Nigerian Internet provider was also involved.
Google confirmed Monday’s disruption on a network status page but said only that it believed the cause was “external to Google.” The company had little additional comment.
The specific method employed, formally known as border gateway protocol hijacking, can knock essential services offline and facilitate espionage and financial theft. Most network traffic to Google services — 94 percent as of October 27 — is encrypted, which shields it from prying eyes even if diverted.
Alex Henthorn-Iwane, an executive at the network-intelligence company ThousandEyes, called Monday’s incident the worst affecting Google that his company has seen.
He said he suspected nation-state involvement because the traffic was effectively landing at state-run China Telecom. A recent study by US Naval War College and Tel Aviv University scholars says China systematically hijacks and diverts US Internet traffic.
Much of the Internet’s underpinnings are built on trust, a relic of the good intentions its designers assumed of users. One consequence: little can be done if a nation-state or someone with access to a major Internet provider decides to reroute traffic.
Henthorn-Iwane says Monday’s hijacking may have been “a war-game experiment.”
In two recent cases, such rerouting has affected financial sites. In April 2017, one affected Mastercard and Visa among other sites. This past April, another hijacking enabled cryptocurrency theft .
The Department of Homeland Security did not immediately respond to a request for comment.
ThousandEyes named the companies involved in Monday’s incident, in addition to China Telecom, as the Russian Internet provider Transtelecom and the Nigerian ISP MainOne.


Warning issued over attacks on Internet infrastructure

ICANN headquarters in Los Angeles. (Supplied)
Updated 23 February 2019
0

Warning issued over attacks on Internet infrastructure

  • The list of targets included website registrars and Internet service providers, particularly in the Middle East

SAN FRANCISCO: Key parts of the Internet infrastructure face large-scale attacks that threaten the global system of web traffic, the Internet’s address keeper warned Friday.
The Internet Corporation for Assigned Names and Numbers (ICANN) declared after an emergency meeting “an ongoing and significant risk” to key parts of the infrastructure that affects the domains on which websites reside.
“They are going after the Internet infrastructure itself,” ICANN chief technology officer David Conrad told AFP.
“There have been targeted attacks in the past, but nothing like this.”
The attacks date back as far as 2017 but have sparked growing concerns from security researchers in recent weeks, which prompted the special meeting of ICANN.
The malicious activity targets the Domain Name System or DNS which routes traffic to intended online destinations.
ICANN specialists and others say these attacks have a potential to snoop on data along the way, sneakily send the traffic elsewhere or enable the attackers to impersonate or “spoof” critical websites.
“There isn’t a single tool to address this,” Conrad said, as ICANN called for an overall hardening of web defenses.
US authorities issued a similar warning last month about the DNS attacks.
“This is roughly equivalent to someone lying to the post office about your address, checking your mail, and then hand delivering it to your mailbox,” the US Department of Homeland Security said in a recent cybersecurity alert.
“Lots of harmful things could be done to you (or the senders) depending on the content of that mail.”

DNSpionage attacks might date back to at least 2017, according to FireEye senior manager of cyber espionage analysis Ben Read.
The list of targets included website registrars and Internet service providers, particularly in the Middle East.
“We’ve seen primarily targeting of email names and passwords,” Read said of what is being dubbed “DNSpionage.”
“There is evidence that it is coming out of Iran and being done in support of Iran.”
ICANN held an emergency meeting and is putting out word to website and online traffic handlers to ramp up security or leave users vulnerable to being tricked into trusting the wrong online venues.
DNSpionage hackers appeared intent on stealing account credentials, such as email passwords, in Lebanon and the United Arab Emirates, according to Crowdstrike cybersecurity firm vice president of intelligence Adam Meyers.
Similar attacks took place in Europe and other parts of the Middle East, with targets including governments, intelligence services, police, airlines, and the oil industry, cybersecurity specialists said.
“You definitely need knowledge of how the Internet works you and have to handle a lot of traffic being directed to you,” Meyers said of the DNSpionage hackers.
“With that access, they could temporarily break portions of how the Internet works. They chose to intercept and spy on folks.”