Yesterday it was reported that an internet traffic diversion rerouted data through Russia and China and disrupted Google services on Monday, including search, cloud-hosting services and its bundle of collaboration tools for businesses.
Following this, please see below for comment from Allan Liska, senior security architect at Recorded Future.
Allan Liska, Senior Security Architect at Recorded Future:
“BGP Hijacking is surprisingly common. According to the Internet Society, there were almost 14,000 BGP Hijacking incidents in 2017 alone (https://www.internetsociety.org/blog/2018/01/14000-incidents-2017-routing-security-year-review/) and that number has not slowed down in 2018. Most incidents are not noticed; it is only when a big name like Google, Amazon or Visa has its routes hijacked that people pay attention. Most of the time, BGP Hijacking incidents are the result of human error rather than malicious intent, and that may be the case here, especially knowing that all of Google’s traffic is encrypted, so there is very little to gain by intentionally rerouting it, although metadata is always valuable to a nation state.
“That being said, there does appear to be a disproportionally large number of hijacks originating from China Telecom. For comparison, the largest ISP in the world is Verizon, which has AS701 and has 2855 reported hijacks. China Telecom is the 4th largest ISP in the world and their primary ASN, AS4134, has 4413 reported hijacks. That is a significant difference.”