Ng Han Guan
In this Monday, Nov. 5, 2018, photo, a woman carries a fire extinguisher past the logo for Google at the China International Import Expo in Shanghai. Internet traffic hijacking disrupted several Google services Monday, Nov. 12, 2018, including search and cloud-hosting services. (AP Photo/Ng Han Guan)

An internet diversion that rerouted data traffic through Russia and China disrupted several Google services on Monday, including search and cloud-hosting services.

Service interruptions lasted for nearly two hours and ended about 5:30 p.m. EST., network service companies said. In addition to Russian and Chinese telecommunications companies, a Nigerian internet provider was also involved.

Google confirmed Monday's disruption on a network status page but said only that it believed the cause was "external to Google ." The company had little additional comment.

The specific method employed, formally known as border gateway protocol hijacking, can knock essential services offline and facilitate espionage and financial theft. Most network traffic to Google services —94 percent as of October 27 — is encrypted, which shields it from prying eyes even if diverted.

Alex Henthorn-Iwane, an executive at the network-intelligence company ThousandEyes, called Monday's incident the worst affecting Google that his company has seen.

He said he suspected nation-state involvement because the traffic was effectively landing at state-run China Telecom. A recent study by U.S. Naval War College and Tel Aviv University scholars says China systematically hijacks and diverts U.S. internet traffic.

Much of the internet's underpinnings are built on trust, a relic of the good intentions its designers assumed of users. One consequence: little can be done if a nation-state or someone with access to a major internet provider decides to reroute traffic.

7 comments on this story

Henthorn-Iwane says Monday's hijacking may have been "a war-game experiment."

In two recent cases, such rerouting has affected financial sites. In April 2017, one affected Mastercard and Visa among other sites. This past April, another hijacking enabled cryptocurrency theft .

The Department of Homeland Security did not immediately respond to a request for comment.

ThousandEyes named the companies involved in Monday's incident, in addition to China Telecom, as the Russian internet provider Transtelecom and the Nigerian ISP MainOne.