Google Public DNS Server Traffic Hijacked, Millions users impacted

Pierluigi Paganini March 18, 2014

Google DNS public server was hijacked yesterday for 22 minutes, the victims were hijacked to the Latin America division of BT in Venezuela and Brazil.

Google is undoubtedly the main targets for hackers, its services are accessed daily by billions of Internet users, a wide audience desirable for attackers.

The last successfully attack against Google occurred yesterday, the Google’s public DNS (Domain name system) was hit the Internet monitoring firm BGPmon issued an alert to inform Internet users that Google DNS was hijacked for around 22 minutes.

Google Public DNS Servers Traffic Hijacked 2

The attackers exploited a well-known vulnerability in the Border Gateway Protocol (BGP), the protocol designed to exchange routing and reachability information between the Internet autonomous systems (AS), the hackers exploiting the flaw re-route the traffic through to a router they managed. The attack to BGP is very insidious and hard to detect, attackers performing a man-in-the-middle attack are able to involve a large audience, such kind of attacks are ideal for cyber espionage operations.

Networks Brazil & Venezuela were affected, to give an idea about the impact of a similar hack let’s consider that Google’s DNS server handles nearly 150 billion queries every day. 22 minutes of hijacking are enough to impact the activities of millions of Internet users, including Government agencies, financial institution and enterprises. The victims hijacked to the Latin America division of BT in Venezuela and Brazil.

 bgpmon Google DNS Haijacked


In November 2013 ArsTechnica published an interesting post in which described a series of attacks that hijacked huge chunks of Internet traffic, man-in-the-middle attacks was diverting data on a large-scale as never seen before.

Researchers from network intelligence firm Renesys observed 38 distinct events in which huge blocks of traffic have been improperly redirected to routers at Belarusian or Icelandic service providers. The attackers exploited the implicit trust placed in the border gateway protocol also in those cases, “major financial institutions, governments, and network service providers” in the US, South Korea, Germany, the Czech Republic, Lithuania, Libya, and Iran were affected.

The problem is that hackers too easily modify or delete authorized BGP routes, or create new ones.

“In 2008, YouTube became unreachable for virtually all Internet users after a Pakistani ISP altered a route in a ham-fisted attempt to block the service in just that country. Later that year, researchers at the Defcon hacker conference showed how BGP routes could be manipulated to redirect huge swaths of Internet traffic. ” reported ArsTechnica.

For your information Google DNS service has been already hijacked in the past, in 2010 traffic was redirected to Romania and Austria.

Pierluigi Paganini

(Security Affairs – GOOGLE DNS , DNS)

you might also like

leave a comment