Internet traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider on Wednesday. Researchers called it suspicious and intentional.
The unexplained incident involving the Internet's Border Gateway Protocol is the latest to raise troubling questions about the trust and reliability of communications sent over the global network.
Wednesday's event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services ..., also under suspicious circumstances.
... several things made Wednesday's incident "suspicious." First, the rerouted traffic belonged to some of the most sensitive companies, which—besides Google, Facebook, Apple, and Microsoft—also included Twitch, NTT Communications, and Riot Games. Besides the cherry-picked targets, hijacked IP addresses were broken up into smaller, more specific blocks than those announced by affected companies, an indication the rerouting was "intentional."
"Some of these prefixes don't normally exist, i.e., there was a Google /16 (expected) and all of a sudden a more specific /24 (smaller block)," BGPMon researcher Andree Toonk wrote in an email. "Google did not announce that block, so someone made that up. Normally with BGP configuration errors, we don't see new prefixes."