Google IPs redirected: Williams highlights risks of cloud for financial services

By Rebekah Tunstead | 19 November 2018

On November 12, a prefix leak resulted in Google’s IP addresses being redirected to ChinaTel, according to a bobsguide source.

“While this is a redirection of IP addresses of Google’s data for search and cloud services, it would have been a different story if it had affected financial companies and particularly trades which are so dependent on timely traffic and can ill afford the delays seen on Monday,” says Geraint Williams, chief information security officer at GRC International Group, provider of IT governance, risk management, and compliance solutions.

“This is why a lot of them have private networks, and use other techniques to guarantee the quality of service and the speed of service,” says Williams.

According to Williams, companies need to be aware of the third parties that are involved in cloud services.

“It is something that organisations need to be aware of that when you are using a cloud service, you are actually depending on a number of third parties, and there is always potential for delay etc. This is actually delays in traffic, which would have been really critical maybe for the financial markets,” he says.

“It’s not actually the first time that this has happened. It’s been happening on and off since about 2002 - it is the furthest instance that I am aware of.”

In a statement, an Internet Service Provider (ISP) in Nigeria, MainOne, claimed responsibility for the issue: “Specifically, the configuration on our Border Gateway Protocol (BGP) filters led to the inadvertent advertisement of peering partner prefixes through one of our upstream partners, China Telecoms.”

The statement went on: “This leak majorly impacted traffic to some of our peering partners, because the return traffic for the leaked prefixes was dropped by ChinaTel. Therefore, during this period, the services of some of our peering partners were not accessible to some of its customers who preferred to use the leaked routes.”
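The leak MainOne describes, routes learned from peering partners being announced to an upstream, is what the conventional "valley-free" BGP export rule forbids. The following is an added example, not from the article or from MainOne's configuration, that audits a set of advertisements against that rule; the function names, ASNs and prefixes are constructed, using documentation-reserved values.

```python
import ipaddress
from dataclasses import dataclass

# Relationship of a neighbor AS to the local AS (labels are this example's own).
CUSTOMER, PEER, PROVIDER, LOCAL = "customer", "peer", "provider", "local"

@dataclass(frozen=True)
class Route:
    prefix: str        # e.g. "192.0.2.0/24"
    learned_from: int  # neighbor ASN, or the local ASN for originated routes

def may_export(learned_rel, to_rel):
    """Valley-free rule: local and customer routes may go to any neighbor;
    routes learned from a peer or provider may go only to customers."""
    if learned_rel in (LOCAL, CUSTOMER):
        return True
    return to_rel == CUSTOMER

def find_leaks(local_asn, relationships, rib, advertised):
    """Return (prefix, learned_from, sent_to) for every advertisement that
    breaks the export rule. `advertised` maps neighbor ASN -> prefixes sent.
    A prefix with no matching RIB entry is flagged with learned_from=None."""
    rels = {**relationships, local_asn: LOCAL}
    by_prefix = {ipaddress.ip_network(r.prefix): r for r in rib}
    leaks = []
    for neighbor, prefixes in advertised.items():
        for p in prefixes:
            net = ipaddress.ip_network(p)
            route = by_prefix.get(net)
            src = route.learned_from if route else None
            if src is None or not may_export(rels[src], rels[neighbor]):
                leaks.append((str(net), src, neighbor))
    return leaks

# Constructed sample: AS64500 is the local network.
LOCAL_ASN = 64500
RELATIONSHIPS = {64501: CUSTOMER, 64502: PEER, 64503: PROVIDER}
RIB = [
    Route("192.0.2.0/24", 64500),     # originated locally
    Route("198.51.100.0/24", 64501),  # learned from a customer
    Route("203.0.113.0/24", 64502),   # learned from a peering partner
]
ADVERTISED = {
    64503: ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"],  # upstream
    64501: ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"],  # customer
    64502: ["192.0.2.0/24", "198.51.100.0/24"],                    # peer
}

if __name__ == "__main__":
    for prefix, src, dst in find_leaks(LOCAL_ASN, RELATIONSHIPS, RIB, ADVERTISED):
        print(f"LEAK: {prefix} learned from AS{src} advertised to AS{dst}")
```

Run against the intended export set before a filter change is deployed, the only flagged entry here is the peer-learned prefix sent to the upstream.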

In response to the redirection of IP traffic, a Google spokesperson said that the company’s services had not been compromised.

“We’re aware that a portion of internet traffic was affected by incorrect routing of IP addresses, and access to some Google services was impacted. The root cause of the issue was external to Google and there was no compromise of Google services,” said the Google spokesperson.

Google did not respond to further requests for clarification prior to publication of this article.

According to Williams, this sort of issue can be created through human error, or through a cyber attack.

“One digit typed wrongly, if not picked up, can cause these problems. And, of course, these are accidental ones, but it is always possible for countries with good cyber attack units to do this deliberately and actually cause traffic to be redirected,” says Williams.

“Because we use a lot of legacy protocols etc., the protocols behind the internet, behind the BGP and DNS, are very old. They do have weaknesses that it is possible for people to take advantage of.”

MainOne tweeted that the error was rectified after 74 minutes.
