Global Google Outage - USA Cyber Hack

[toucana]

A rare global outage of Google services and applications has taken place, starting just around midday UK time.

https://www.bbc.co.uk/news/technology-55299779

Users around the world reported problems with Gmail, Google Drive, the Android Play Store, Maps, and more.

Despite the widespread outage, Google's service dashboard for its services reported no errors.

This outage comes amid reports from USA that a Russian hacking group called ‘Cozy Bear’ has successfully compromised SolarWinds Orion IT monitoring software platform - speculation is swirling that it was used in attacks on major US government agencies that could also be linked to last week's revelation that FireEye's top hacking tools have been accessed.

https://www.theregister.com/2020/12/14/solarwinds_fireeye_cozybear/

News of the SolarWinds hack was broken by newswire Reuters, which also reported that US government agencies, among them Treasury and the Department of Commerce, have been hit with a hack so serious that the National Security Council met to discuss it on Saturday.

The Washington Post has reported that the government hacks were made possible by flaws in SolarWinds products and that the attack was perpetrated by Russian hacking group APT29, aka Cozy Bear. US government officials have acknowledged the incidents, but have not offered further details.

This situation is properly scary because a supply chain attack that poisons product updates issued by a major security vendor suggests that Cozy Bear could be deep inside all sorts of systems and vendors. SolarWinds customer list includes:

• More than 425 of the US Fortune 500
• All of the top 10 US telecommunications companies
• All five branches of the US military
• The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States
• All of the top five US accounting firms

[charon]

Or the aliens did it.

But let's say it really is the Russian hackers after all. Presumably Putin & Co (if there is a Co) will intervene in some way.

If he doesn't, then what's he up to with all these new weapons and whatnot recently? He can't be stupid enough to go the back to the old KGB days and a cold war, can he? He has no cause, as far as I know. America isn't interested in all that, it's too busy dealing with you-know-who (who loves Putin like a brother, let's not forget!).

So somebody ought to be saying something, it seems to me.

[toucana]

POC - (proof of concept) might be the operative term. "Let's see how much traction we have gotten ourselves".

Alternatively, (and more likely), Google tripped over its own BGP (Border Gateway Protocol) tables and managed to generate an aberrant routing listing. This has happened before, and once a rogue BGP entry enters the fray it has a tendency to propagate quite rapidly with dramatic results.

On one occasion a few years ago the whole of YouTube vanished down a routing black hole somewhere in the middle east for several hours. One common error cascade is for a network engineer to misapply a configuration update intended for just a small subnet, and accidentally roll the update out globally. The UK Department For Work and Pensions managed to bork 80,000 Microsoft Windows machines at one fell swoop this way back around 2004 iirc.

https://www.computerworld.com/article/2568540/u-k--government-hit-with-another-large-computer-failure.html

Google managed to get their services back online after about 45m. One rather odd effect was that some people could still reach the landing page of the affected websites, provided they were using a web browser set to incognito mode.

[TheVat]

Both the spouse and I have experienced some peculiar tampering with a credit card account and a bank account yesterday. I had to make a new password, she had to get a new card. I suspect this is not entirely coincidental with the current events affecting 425 of the Fortune 500 companies. Sounds like it will be a while before we know everything that's been tampered with.