Internet traffic coming into and out of Apple, Facebook, Google, Microsoft, and other companies was briefly redirected through a Russian provider on Wednesday, in what appears to have been a deliberate move.
The incident involved the Border Gateway Protocol, or BGP, which funnels high-level traffic through nodes like internet backbones, according to Ars Technica, citing reports by monitoring services BGPMon and Qrator Labs. BGPMon recorded two three-minute hijacks, affecting 80 address blocks in total. Qrator Labs said the incident spanned two hours, with the number of address blocks fluctuating between 40 and 80.
Some reasons for suspicion include the prominence of the impacted companies, and the fact that IP addresses were split into smaller blocks than those announced by the companies — something that doesn't normally happen with a BGP configuration error.
The Russian autonomous system that performed the hijack, AS39523, had been inactive for years apart from another BGP incident in August that involved Google.
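Detection logic for the pattern described above, added here as an example rather than code from the original article or the monitoring services it cites: each announcement is checked against a table of expected origins, and a sub-block of a known prefix announced by a different AS is flagged as a more-specific hijack. Prefixes (RFC 5737 space) and ASNs (64496 to 64511) are constructed documentation values, not the addresses or the AS involved in the incident.

```python
import ipaddress
from collections import namedtuple

# Expected originations: prefix -> legitimate origin AS.
# Constructed sample using RFC 5737 prefixes and documentation ASNs.
EXPECTED_ORIGIN = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "203.0.113.0/24": 64498,
}

Announcement = namedtuple("Announcement", "prefix origin_as")


def classify(announcement, expected=EXPECTED_ORIGIN):
    """Return (verdict, covering_prefix) for one BGP announcement.

    'ok'              prefix originated by its expected AS
    'origin-mismatch' exact tracked prefix, but a different origin AS
    'more-specific'   sub-block of a tracked prefix from a different AS
                      (the split-into-smaller-blocks pattern in the story)
    'unknown'         not covered by anything in the table
    """
    net = ipaddress.ip_network(announcement.prefix, strict=False)
    for covering, origin in expected.items():
        cov = ipaddress.ip_network(covering)
        if net.version != cov.version:
            continue
        if net == cov:
            return ("ok" if announcement.origin_as == origin
                    else "origin-mismatch", covering)
        if net.subnet_of(cov):
            if announcement.origin_as == origin:
                return ("ok", covering)  # owner deaggregating its own block
            return ("more-specific", covering)
    return ("unknown", None)


def suspicious(announcements):
    """Return (announcement, verdict, covering) for likely hijacks."""
    return [(a, v, c) for a in announcements
            for v, c in [classify(a)]
            if v in ("origin-mismatch", "more-specific")]


# Constructed feed, not a real BGP table dump.
SAMPLE_FEED = [
    Announcement("192.0.2.0/24", 64496),     # legitimate
    Announcement("192.0.2.0/25", 64511),     # more-specific, foreign AS
    Announcement("192.0.2.128/25", 64511),   # the other half of the block
    Announcement("198.51.100.0/24", 64511),  # same prefix, wrong origin
    Announcement("203.0.113.0/25", 64498),   # owner splitting its own block
    Announcement("10.0.0.0/8", 64499),       # not tracked
]
```

Run against a real feed, the table would come from the operator's own prefix list or from an RPKI-validated source, and any `more-specific` hit from an AS with no prior history of originating the block is the case worth paging on.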
It's unknown what might have been done with the data if the latest redirect was deliberate, since much or all of it would have been protected by encryption that has yet to be defeated, at least according to public knowledge. An attacker could conceivably have found a way to decrypt it, attempted to crack it, or may be storing the data for future attacks.