On June 2nd, at around 2:30pm EST, users of YouTube, Snapchat and other sites were shocked to learn that, almost in concert with one another, the internet had virtually gone dark in the Eastern portion of the United States. Sites from Shopify to Vimeo to even Discord had been knocked offline or had notable problems with their services. In addition, telephone services and ISPs were also reporting issues with their cellular services and internet connections.

Cellular services such as Verizon, T-Mobile and Sprint were bombarded with issue reports on DownDetector, with complaints ranging from disruptions in cell service to the internet no longer functioning on their phones. Even platforms not publicly associated with Google in any way, such as Steam, PayPal and even Pokemon Go, were affected by outages.

While the outage was mainly concentrated on the Eastern coast of the United States, outages of these sites were reported sporadically on the western coast of the United States, and even as far south as Houston, Texas.

People took to Twitter, which was unexpectedly unaffected by the severe outage, and trended the hashtag “#YoutubeDOWN”, with masses of users tweeting to the team that they could not even log into the site. People quickly found that YouTube was not the only site being affected.

In addition, users of the NEST Smart-Home networking system couldn’t even get into their homes as a result of the outage, and reports skyrocketed from people concerned about being locked out.

Then, at around 3:30 pm EST, Google updated its Google Cloud Network dashboard notifications with a message relaying that there was an outage of its networks that was believed to have been caused by “high levels of congestion” on those networks. Google claimed that it affected the Cloud network, G Suite, Gmail and YouTube. The issue was not corrected in full until 7:00pm EST that evening.

Mitigation

Google did not at first disclose how the issues occurred or where they originated, but later gave a lengthy description of the situation in a blog post from VP of Engineering Benjamin Sloss, stating the following:

In essence, the root cause of Sunday’s disruption was a configuration change that was intended for a small number of servers in a single region. The configuration was incorrectly applied to a larger number of servers across several neighboring regions, and it caused those regions to stop using more than half of their available network capacity. The network traffic to/from those regions then tried to fit into the remaining network capacity, but it did not. The network became congested, and our networking systems correctly triaged the traffic overload and dropped larger, less latency-sensitive traffic in order to preserve smaller latency-sensitive traffic flows, much as urgent packages may be couriered by bicycle through even the worst traffic jam.

Google’s engineering teams detected the issue within seconds, but diagnosis and correction took far longer than our target of a few minutes. Once alerted, engineering teams quickly identified the cause of the network congestion, but the same network congestion which was creating service degradation also slowed the engineering teams’ ability to restore the correct configurations, prolonging the outage. The Google teams were keenly aware that every minute which passed represented another minute of user impact, and brought on additional help to parallelize restoration efforts.

However, a few things in this post may cause concern for users and raise questions:

  1. What took so long to correct the issue?
  2. Why were the tools inaccessible?
  3. What was the “additional help”?
  4. Why were other regions not related to the update impacted?
  5. Why were reports coming in not only from the US, but also from around the world, especially Europe?

However, after a TheGodofRage investigation, there is reason to believe that China may have been behind a massive DDoS attack on Google’s mainframes yesterday in retaliation for the ongoing trade war between the US and China, and an impending DOJ/FTC antitrust lawsuit.

 

China and Google’s Relationship

Since 2000, China and Google have had a major business and financial relationship, but not without issues. Starting in 2000, with the establishment of Google’s access in China, the country has been secretly spying on the company and its practices, utilizing the company almost immediately and holding data hostage.

On August 29, 2000, Google announced the launch of its site in Mainland China in conjunction with NetEase, a Chinese internet and video game developer that also partners with Blizzard Entertainment for its titles WoW, Warcraft and Overwatch:

Google, developer of the award-winning Google search engine, and NetEase, (NASDAQ: NTES) China’s leading Internet technology company, today announced that NetEase has selected Google as its premier Chinese language-specific search engine and default web search results provider. Under the agreement, Google will provide its Chinese language-specific search and underlying global web search engine to complement NetEase’s web directory and content channel network found at http://www.163.com. NetEase expects to unveil its next generation web directory and integrate the Google services within the next 15 days. NetEase provides Chinese language services centered around Internet content, community, and e-commerce.

Then, over the next seven years, the Chinese Government began to bully the corporation relentlessly, forcing it to censor certain articles and news that would paint the Communist Party in a bad light:

  • In Sept. of 2002, China began to block Google after the government began to discover that Google had not adapted to censorship guidelines within their browser. (BBC)
  • In 2004, two years after the censorship began, Google decided to comply with the regulations, saying in a blog post:

For users inside the People’s Republic of China, we have chosen not to include sources that are inaccessible from within that country….

…However, it’s clear that search results deemed to be sensitive for political or other reasons are inaccessible within China. There is nothing Google can do about this. For last week’s launch of the Chinese-language edition of Google News, we had to decide whether sources that cannot be viewed in China should be included for Google News users inside the PRC. Naturally, we want to present as broad a range of news sources as possible….

… It is possible that there would be some small user value to just seeing the headlines. However, simply showing these headlines would likely result in Google News being blocked altogether in China.

  • Mere months after the statement was released, in May of 2005, Google opened an office in China, snagging the Google CN domain and further complying with guidelines set forth by the Chinese Government. (TheRegister)
  • The next year, Google sold its investment stock in Baidu, a Chinese search engine competitor worth $25 million. (NYT)
  • Over the next three years, China and Google’s relationship soured as China began to crack down on internet “vulgarity”, blocking YouTube and other content, while Google tried to resist these attempts.

 

Operation Aurora

In June of 2009, in the midst of a tug of war between Google and China, a Chinese hacker army sanctioned by the Chinese Government, PLA Unit 61398, began a six-month-long attack on Google’s mainframe. The operation, titled “Operation Aurora”, can be considered one of the greatest breaches of intellectual property in world history due to the organization of the attack and the long-term results it has achieved.

On January 12, 2010, after the six-month operation, Google disclosed that it had been the victim of a cyber-attack campaign that targeted not only Google, but companies associated with its services. The blog post read in part:

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different….

….we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted….These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all.

It is also important to note that, according to a 2010 Washington Post article, companies close to the US Government were affected. The Washington Post reported that 34 total companies were affected, which included cyber-security giant Symantec, aerospace and defense giant Northrop Grumman and chemical corporation Dow Chemical, which specialized in the development of weapons, chemicals, and even nuclear weapons. The Washington Post alleged that this was an espionage campaign against the US to steal IP secrets to use against the United States.

One of the affected companies, Microsoft, was having its IE browser “zombified” to track a user’s browsing history, which extended into Northrop Grumman and, allegedly, the Pentagon. What made matters worse is that Microsoft had been well aware of the security hole since September.

Other companies that were affected by the attacks were:

  • Juniper Networks (Networking and Router/Modem support)
  • Rackspace (Cloud Computing)
  • Morgan Stanley (Banking)
  • Adobe Software (Multimedia and creativity software)

There have not been any explicit details on what was stolen from these companies, but it is highly likely that several projects, including Google Cloud, which was new at the time, Gmail data, and other projects were stolen from Google and other companies working in conjunction with Google or using Internet Explorer for business purposes.

As of 2014, Google and other services, excluding Google’s China maps, have been blocked from access in China, and it is currently unknown if they will ever be unblocked.

 

Dragonfly

On August 1, 2018, Ryan Gallagher of The Intercept published a bombshell article that revealed that, after seven years of general inactivity and cyber-attacks conducted by China, as well as spying operations on the United States, Google had been working with the Chinese government to institute a new browser that would adhere to censorship guidelines on China’s internet, in exchange for access back into China.

The project, code-named “Dragonfly”, was initiated in the Spring of 2017, and was supposed to be Google’s return back into China. The Intercept reported the following:

Documents seen by The Intercept, marked “Google confidential,” say that Google’s Chinese search app will automatically identify and filter websites blocked by the Great Firewall. When a person carries out a search, banned websites will be removed from the first page of results, and a disclaimer will be displayed stating that “some results may have been removed due to statutory requirements.” Examples cited in the documents of websites that will be subject to the censorship include those of British news broadcaster BBC and the online encyclopedia Wikipedia.

The search app will also “blacklist sensitive queries” so that “no results will be shown” at all when people enter certain words or phrases, the documents state. The censorship will apply across the platform: Google’s image search, automatic spell check and suggested search features will incorporate the blacklists, meaning that they will not recommend people information or photographs the government has banned.

An anonymous source that reached out to The Intercept said that it would “become a template for many other nations.”

The Intercept also reported the following:

In December 2017, sources say Pichai traveled to China and attended a private meeting with Wang Huning, a leading figure in the Communist Party. Wang is President Xi’s top foreign policy adviser and has been described as “China’s Kissinger.” Pichai is said to have viewed the meeting as a success.

Pichai was a guest at the Chinese Internet Conference, and stated on a panel that Google still helps businesses grow in China despite its ban. That same month, only a week and a half later, Pichai announced that Google was going to open an A.I. research center in Beijing to help the Chinese give “a say” on future technology.

 

Three months after the report surfaced, Google claimed that the project had been shut down due to “internal confrontation” from employees against the product. The Intercept’s follow-up article contained a shocking revelation: Google had, in fact, never left the Chinese market completely:

According to two Google sources, engineers working on Dragonfly obtained large datasets showing queries that Chinese people were entering into the 265.com search engine. At least one of the engineers obtained a key needed to access an “application programming interface,” or API, associated with 265.com, and used it to harvest search data from the site. Members of Google’s privacy team, however, were kept in the dark about the use of 265.com — a serious breach of company protocol.

The engineers used the data they pulled from 265.com to learn about the kinds of things that people located in mainland China routinely search for in Mandarin. This helped them to build a prototype of Dragonfly. The engineers used the sample queries from 265.com, for instance, to review lists of websites Chinese people would see if they typed the same word or phrase into Google. They then used a tool they called “BeaconTower” to check whether any websites in the Google search results would be blocked by China’s internet censorship system, known as the Great Firewall. Through this process, the engineers compiled a list of thousands of banned websites, which they integrated into the Dragonfly search platform so that it would purge links to websites prohibited in China, such as those of the online encyclopedia Wikipedia and British news broadcaster BBC.

265.com was purchased by Google and was under a subsidiary in China, but had not been disclosed. The Google team would pull data and adjust the browser according to search interests and censorship guidelines. When the data flow stopped, though, the project stalled, and was subsequently cancelled.

However, in March, The Intercept once again reported that the browser’s development was back on, despite claims it had been killed. The team had not been disbanded, but relocated to other browser domains, including in the United States. Some have said that the company will try again in at least a year, or by 2021.

 

Current Day

The events of the last 20 years lead up to this week, with major events culminating in aggressive movements by China to force the United States to continue allowing thefts of its intellectual property and economic sabotage by China.

The recent movements by the United States on certain fronts against China and its interests give major circumstantial evidence that the events on Sunday were indeed a DDoS.

There are two major factors that have contributed to the events of June 2nd:

The ongoing Trade War with China.

The news has relentlessly been covering the fallout from the US-China trade war and the implications it may have for both economies. However, the US and China were close to a deal at one point before talks cooled and devolved into a tariff war, with President Xi Jinping declaring a “new long march” for the country.

Recently, in a CNBC article, the US reiterated accusations that China had “backpedaled” on promises to combat intellectual property theft from the United States. The promise would have had China crack down on espionage operations and, reportedly, broaden enforcement powers to stop such attacks. However, Trump accused the Chinese of going back on that agreement and sending the whole deal underwater.

Keep in mind that, in addition to Google, China has also been investing into other corporations and forcing other companies to surrender to censorship rules such as:

And other companies doing business within China and the United States.

With the United States enforcing new rules and tariffs on the Chinese, the economic growth of China would plummet and technology would stagnate under new enforcement rules and heightened cyber-security measures to prevent leaks.

However, this refusal to accept the IP clauses has led to a second, boiling-point factor that caused yesterday’s events.

 

The DOJ / FTC Antitrust Suit

What may have been overshadowed as a result of the outage is that, the day before, the Wall Street Journal released a report stating that the DOJ was preparing to launch an antitrust probe into Google that would expand to, supposedly, all corners of the company.

By doing this, the Department of Justice would not only uncover business motivations and other political motivations, but could expose the entire Chinese-Google business relationship as a whole. This could even mean that projects and investments that are under lock and key can be revealed if the DOJ wishes to investigate such an event or subject.

This could also lead to collusion investigations not just between companies such as Facebook, Google, Twitter or others, but into companies and their relationships to adversaries. This could reveal that the United States is NOT in control of the internet, but rather that China is in control of most of the internet data and services provided today.

 

The Theory

The theory that this was a DDoS attack on the United States as a whole is as follows:

  • The WSJ announces that an Anti-Trust lawsuit and probe will be taking place against the big four of tech, with at least three of them having vested interests in China.
    • Doing so would lead to the discovery that the Chinese may be influencing business, political and even economic decisions in some capacity, or even in a financial way.
    • This could also be seen by China as a repercussion for them not accepting, or staying true to the deal.
  • In response, China launches a limited DDoS attack on the Eastern United States that takes down large sections of the internet, which also included cellular service and even internet service as a whole.
    • This is an effort by China to tell the US not to launch the probes and to force the US to drop the IP clause in the deal.
    • This also forces the hand of the United States on the Iran issue and their foreign policy, forcing them to take a defensive strategy and allow the Chinese to continue cyber-attacks.
  • The US, still wary from the attack and still on edge about it, acknowledges that China, if they wish, can disrupt the internet in a more widespread capacity that would cripple the US Economy.
    • 15% of transactions were online in 2018, with that number likely growing in 2019.
    • Shutting off the internet could also disrupt communication lines and other forms of production. So in the event of a war (remember the NEST lockout?) citizens can be seen as a very inviting target and the military cannot mobilize on time.
    • Computers can also be turned into “Zombie” computers that can attack a host of services without the user knowing, which is called a “BotNet.” This would have cataclysmic consequences for the US should this happen.
  • The US has two choices on the table:
    • Accept the defeat and knock the IP clause out of the deal.
    • Restructure the IP clause to the point in which the Chinese approve of the deal.

Shortly after these events, the following also occurred:

The United States and China are currently in a major game of economic chess, and it seems that the United States has been put into a gutsy check by the Chinese as a result of this DDoS. The US may soon be arriving back at the negotiating table to work out a deal as a result of the attacks. If they do not, it is likely that the Chinese may launch another attack.

As we were writing this article, there seemed to be more issues at Google Cloud, but in an extremely limited capacity, with barely any effects on services. Other issues occurred last night at the PS Network and earlier today with Apple services.

It is currently unknown if these outages are related to one another, but no other major issues have happened as of June 4th.