An internet traffic diversion rerouted data through Russia and China and disrupted Google services on Monday.
Service interruptions lasted for nearly one and a half hours and ended about 5:30 p.m. EST., network service companies said. In addition to Russian and Chinese telecommunications companies, a Nigerian internet provider was also involved.
The diversion caused a massive denial of service to G Suite and Google Search and "put valuable Google traffic in the hands of ISPs in (internet service providers) in countries with a long history of Internet surveillance," network-intelligence company ThousandEyes said in a blog post.
Border gateway protocol hijacking can knock essential services offline and facilitate espionage and financial theft. It can result either from misconfiguration — human error, essentially— or from malicious action.
Alex Henthorn-Iwane, an executive at ThousandEyes, called Monday’s incident the worst affecting Google that his San Francisco company has seen.
He said he suspected nation-state involvement because the traffic was effectively landing at state-run China Telecom.
Google said it had no reason to believe the traffic hijacking was malicious.
ThousandEyes named the companies involved in Monday’s incident, in addition to China Telecom, as the Russian internet provider Transtelecom and the Nigerian ISP MainOne.
Both ThousandEyes and the U.S. network monitoring company BGPmon said the internet traffic detour originated with the Nigerian company.