Hijacking the Internet Is Far Too Easy

Countries like Russia and China can redirect web traffic—and they aren’t just trying to steal information.

Detour sign.
Photo illustration by Slate. Photo by Joe_Potato/iStock/Getty Images Plus.

Did you have trouble accessing Google on Monday? If so, that’s because another country may have hijacked your internet traffic.

According to a Google blog post on the incident, users were temporarily unable to reach services for about an hour due to an issue “external” to the company. The Wall Street Journal reports research firm ThousandEyes said that bad network instructions rerouted traffic to Russian network TransTelekom, Nigerian internet provider MainOne, and China Telecom. Any of these countries may have been involved, though Russia and China are the most likely suspects.

Routing traffic through your borders is a way to view potentially sensitive information, from financial transactions to government documents. It’s all possible thanks to the protocols that run the global internet, which weren’t built with rigorous security in mind. But this sort of attack isn’t just about gleaning valuable information; it’s also about sowing distrust of the internet. Whether it’s Russia posting fake news on social media or Chinese companies remotely stealing intellectual property, authoritarians have long taken, encouraged, or allowed actions that demonstrate the internet’s insecurity and capacity for harm. It’s all part of their ongoing international push to justify tight control of the internet, like censorship and surveillance, within their borders.

These internet protocols are essentially the programmed rules that dictate how devices communicate. For instance, the Transmission Control Protocol handles the delivery of “data packets”—small units of data—from one device to another. The Internet Protocol provides the digital “addresses” that assist in data packet delivery. Another commonly known protocol is HTTP, the Hyper Text Transfer Protocol, which communicates information between a web browser and a website’s server. Together, the entire cluster of internet protocols form the code backbone of the global network. At the center of these protocols is trust, even though they weren’t designed with security in mind. From global commerce to military communications to conversations with loved ones, we are meant to trust that these protocols will work properly and send information where requested.

This recent incident is hardly the first time a foreign country may have rerouted American internet traffic by attacking this backbone of trust on the internet. A recent study published in the Journal of the Military Cyber Professionals Association showed how the Chinese government hijacks internet traffic from around the world by manipulating the Border Gateway Protocol, or BGP, which is used to route data sent over the internet. By exploiting weaknesses in this protocol, an attacker can alter the path a piece of online information takes from location A to location B. The authors of the report found that China Telecom—the state-owned communications giant allegedly involved in the recent Google incident—does just this.

China Telecom appears to use its presence in Western internet systems, they wrote, “to selectively redirect internet traffic through China.” While BGP hijacking is complex, it’s much easier with the help of a “complicit and preferably largescale” internet service provider that is more likely to be a central hub for global internet traffic. Since 2016 alone, the authors found that China used BGP hijacking to reroute traffic originally sent from Canada to Korea, the United States to Italy, Scandinavia to Japan, and Italy to Thailand. All in all, government websites, banks, and news organizations were just some of the impacted groups.

In July 2018, my New America colleague Robert Morgus and I released a framework to study the internet on and through which countries project their power—an increasingly centralized, increasingly restricted, and certainly insecure internet, as opposed to the one imagined by liberal-democratic policymakers with properties like freedom and security. (Disclosure: New America is a partner with Slate and Arizona State University in Future Tense.) What we found was opportunities to undermine trust on many levels of the internet.

The insecurity of the internet—as these recent events show—doesn’t just apply to laptops and smartphones, but to the internet protocols that are far more vulnerable to manipulation than you might imagine (or hope). My web browser crashing won’t impact everyone else’s web browser functionality, but the failure of a single internet protocol like the Domain Name System or the Internet Protocol could catastrophically impact the way traffic is routed around the world. Undermining trust in these single points of failure (what, I believe, the Global Commission on the Stability of Cyberspace means when they refer to the “public core” of the internet) undermines trust in the internet at a fundamental level in a way that hacks of specific devices don’t.

The incident with Google and the Journal of the Military Cyber Professionals Association study on China come on the back of other BGP hijackings, like when Microsoft, Apple, Facebook, and Google all experienced (unexpected) traffic rerouting through a Russian internet provider in 2017. Internet monitor BGPmon called the incident “suspicious,” with a significant impact despite its short lifespan (the hijack lasted a total of six minutes). “Whatever caused the incident,” BGPmon wrote, “it’s another clear example of how easy it is to re-route traffic for 3rd parties, intentionally or by accident.”

Not all internet protocol hijackings are of the Border Gateway Protocol, though. Attacks have hit other mechanisms (in addition to BGP) that ensure internet traffic is routed where intended. In April, hackers manipulated Amazon’s “Route 53” system to redirect traffic through Russia and steal Ethereum cryptocurrency. In 2013, the Syrian Electronic Army manipulated internet protocols to deface a series of websites, including those of the New York Times, the Washington Post, Financial Times, the Guardian, and NPR. In 2010, Pentagon traffic was routed through Beijing in another BGP hijacking, which potentially compromised information sent to and from U.S. government and military sites, including those for the secretary of defense’s office. In 2008, Pakistan’s state-owned telecommunications company took YouTube offline when it took control of internet address protocols, rendering the site globally inaccessible. The list goes on.

In response to this growing threat, there are several initiatives to bolster the security of internet routing protocols—including MANRS for Network Operators, which provides guidance to internet service providers on preventing hijacks, and Internet Society’s work on securing the Border Gateway Protocol. The Internet Engineering Task Force has previously run a working group on Secure Inter-Domain Routing, and it currently has an open working group on running the Domain Name System over a secure HTTPS connection (an idea worthy of separate discussion in and of itself).

Still, policymakers must pay more attention to this issue. Authoritarian countries depend on the insecurity of the global internet to call for sovereign control of the internet within their borders—what is often termed “cyber sovereignty.” Since the global internet is not safe when controlled by nongovernmental standards bodies, the logic goes, the government must exert near-complete to complete control over the network to make it safer. By better securing the internet, then, we can protect its core identity: as a global and open platform for everyone.