After being hit with an outage, several users took to social media to complaint that they were either unable to access Google services like YouTube and the company traffic was being misdirected through ISPs in China, Nigeria, and Russia. Google has also confirmed the malicious attack saying that the root cause of this was “external” and is under investigation.
The attack employed is known as border gateway protocol that misdirects traffic and can knock essential services offline and facilitate espionage and financial theft. It can result either from misconfiguration—human error, essentially— or from malicious action.
“Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimize future recurrence,” Google said in a statement.
According to an Internet research firm ThousandEyes, "traffic to certain Google destinations appears to be routed through an ISP in Russia and black-holed at a China Telecom gateway router". The disruption in Google services was limited to nearly an hour.
However, other applications like Gmail and Google Drive were not impacted. Google further described the issue as "Google Cloud IP addresses being erroneously advertised by internet service providers other than Google". ThousandEyes named China Telecom, Nigerian-provider MainOne and Russian network operator TransTelekom behind this incident.
Google also said that no data was compromised with encryption preventing any exploit.