Google’s Web Traffic Incident is Proof You Need a VPNLast Updated by K. Andreas on December 09, 2018
You may have missed it in the endless flurry of news reports that seem to come out each day, but something happened last week involving the world’s most popular website that serves as a glaring reminder of how the internet is never as secure as you think.
Unfortunately, it seems a lot of others may have missed it as well.
Here’s what went down:
On Nov. 12, at approximately 1:00 PM to 2:23 PM PST, Google Cloud’s internet traffic was disrupted, causing a good portion of UK, France, Canada, and US web traffic to get rerouted through ISPs in Nigeria, Russia, and China. Much of the traffic was sent through China Telecom, where it hit the Great Firewall of China, which heavily restricts internet access to a wide range of websites.
The network security company ThousandEyes determined that the main issue came down to an accidental leak from the Border Gateway Protocol (BGP) to Nigerian-based ISP MainOne and China Telecom.
BGP is the routing protocol used to route traffic across the entire internet, most often by facilitating a peer connection between an ISP and another supposedly secured network. Incorrect routing instructions can cause traffic to be sent to the wrong destination altogether, or make incorrect stops along the way.
Inconvenient and annoying for everyone affected, but the event is much more than just a frustrating hour or so for Google users — it’s another indictment of the continued need to secure your internet connection at all times, regardless of where you are.
Why it Matters
For a company the size of Google, this incident was unprecedented.
Google was quick to maintain that their traffic is almost entirely encrypted — and the leak does appear to be an accident — but there were still signs of BGP-hacking. In this case, it seems that Russia and China had their network operators set up to receive rogue traffic, which means anytime something like this happens, they will get most of the traffic, instead of where it was supposed to be routed.
The incident was problematic as the Chinese and Russian governments are ruthless when it comes to recording online activity and data.
Not the First Time — or Last
BGP-related incidents are nothing new. In 2003, a large-scale hijacking resulted in huge amounts of data being redirected through routers in Belarus and Iceland, before reaching their intended destination. In 2008 the Pakistani government used BGP to censor YouTube within the country by routing traffic to a dead end but temporarily blocked traffic entirely instead. More recently, there have been BGP hijacks involving cryptocurrency, and a 2017 BGP route leak that disabled several e-commerce and finance websites.
In some ways, Russia, China, and other similar countries are merely exploiting a very generous BGP system that is outdated, and far too reliant on trust.
Internet protocols were written in the 70s and 80s, and are in desperate need of an overhaul. This isn’t a new development, as evidenced by many movements in recent years to encrypt web traffic with HTTPS, and secure the internet’s Domain Name System address lookup process so it can’t be used for spying or malicious rerouting. Unfortunately, these measures are not likely to be put into place on a large scale for several years.
So, for the foreseeable future, and whether you like it or not, you are responsible for your online security regarding your internet connection. The best way to do this is by using a VPN.
Why You Need a VPN
While you may not be able to prevent large-scale incidents, you can take precautions to secure your internet connection — no matter where you are, who your ISP is, or what network you’re using.
Connecting via a VPN can fully shield your IP address, and effectively conceal your online activity, including your web browsing, downloads, emails, and more. This way, you are protected against hacking, and it prevents governments, or any one else, from monitoring your data.
VPNs provide some other added benefits as well, like the ability to spoof your IP location, making websites and streaming platforms think you’re somewhere that you’re not. Geo-spoofing can unblock specific streaming content like movies and sports, and even give you better prices on travel booking sites.
Overhauls to internet infrastructure and outdated protocols are still years away, and will still not be able to ensure the total security needed in today’s landscape.
Anyone who truly wishes to secure their online data and protect their anonymity should begin using a VPN immediately and never look back.