Google Goes Dark for Two Minutes. Panic Ensues.

[wraith808]

Google goes dark for 2 minutes, kills 40% of world's net traffic

You can all relax now. The near-unprecedented outage that seemingly affected all of Google's services for a brief time on Friday is over.

The event began at approximately 4:37pm Pacific Time and lasted between one and five minutes, according to the Google Apps Dashboard. All of the Google Apps services reported being back online by 4:48pm.

The incident apparently blacked out every service Mountain View has to offer simultaneously, from Google Search to Gmail, YouTube, Google Drive, and beyond.

Big deal, right? Everyone has technical difficulties every once in a while. It goes with the territory.

But then, not everyone is Google. According to web analytics firm GoSquared, worldwide internet traffic dipped by a stunning 40 per cent during the brief minutes that the Chocolate Factory's services were offline. Here's the graph of what that looked like:

More at link.

They were updating the NSA's backdoor is my call...

[Renegade]

They were updating the NSA's backdoor is my call...

-wraith808 (August 17, 2013, 09:31 AM)

Hahahah!  

I suppose that I'm sort of tired of Google and whatnot. My reaction to the outage was, "meh."

[IainB]

...They were updating the NSA's backdoor is my call...

-wraith808 (August 17, 2013, 09:31 AM)

SNAP! An almost exact same thought occurred to me - and probably a million other people on the planet, upon reading of this news.
I recall sometime in (I think it was) 2008/9 reading of a spate of mysterious outages in international undersea cable telecoms links to some countries in the the Middle East and elsewhere. The comment was vouchsafed that a deep-sea fishing trawler's net must have accidentally snagged the cables, or something...
At the time, I thought to myself "Yeah, right. I wonder if they snagged the satellite transmissions network too?"

[mwb1100]

Big deal, right?

The problem is that so many webpages hit Google themselves (for analytics and what not), so even if you weren't trying to get to Google or Google's apps directly, there's still a very good chance that the sites you were trying to access didn't work very well.

[Renegade]

Big deal, right?

The problem is that so many webpages hit Google themselves (for analytics and what not), so even if you weren't trying to get to Google or Google's apps directly, there's still a very good chance that the sites you were trying to access didn't work very well.

-mwb1100 (August 17, 2013, 11:55 AM)

Probably not. I've blocked a lot of Google domains at the DNS level, and they all work just fine. Google really adds no value to any site for any user.

[40hz]

...They were updating the NSA's backdoor is my call...

-wraith808 (August 17, 2013, 09:31 AM)

SNAP! An almost exact same thought occurred to me - and probably a million other people on the planet, upon reading of this news.
I recall sometime in (I think it was) 2008/9 reading of a spate of mysterious outages in international undersea cable telecoms links to some countries in the the Middle East and elsewhere. The comment was vouchsafed that a deep-sea fishing trawler's net must have accidentally snagged the cables, or something...
At the time, I thought to myself "Yeah, right. I wonder if they snagged the satellite transmissions network too?"

-IainB (August 17, 2013, 11:43 AM)

+1 w/Wraith and IainB- Sure sounds like "government work." That'd be my guess too.

And 2 minutes would be more than enough time to insert a middle man into a data stream or install a passive tap on it.

[TaoPhoenix]

Heh that famous response of "Neither confirm or deny" = "confirm" now, right?

[Vurbal]

Google really adds no value to any site for any user.

-Renegade (August 17, 2013, 12:19 PM)

Umm ok. That's quite a blanket (and silly) statement.

[rgdot]

Google has plenty of good products, gmail, search...the usual. But their ad network and analytics are not in that category. The analytics, used by many webmasters and therefore potentially affecting many sites (even counting the 'place the code in the footer' trick) is one of the most overrated online tools.

My 1.25c 

[Renegade]

Google really adds no value to any site for any user.

-Renegade (August 17, 2013, 12:19 PM)

Umm ok. That's quite a blanket (and silly) statement.

-Vurbal (August 17, 2013, 06:47 PM)

Ads and tracking add no value at all for the user. They are actually negative value. Google's hosting of jquery or whatever is just more tracking, and nothing any site can't do itself.

Just WHAT value does Google add to any site for any user?

[wraith808]

Ads and tracking add no value at all for the user. They are actually negative value. Google's hosting of jquery or whatever is just more tracking, and nothing any site can't do itself.

-Renegade (August 17, 2013, 08:57 PM)

Yes, you can do it yourself, but by tapping into the codebase that google provides, you save yourself quite a bit of maintenance, which points to what it provides for the end user in those cases; using a shared library means that if there are any security updates, the sites that use the codebase directly from there are exposed for less time.

Not agreeing one way or the other... just pointing that out.

[Renegade]

Ads and tracking add no value at all for the user. They are actually negative value. Google's hosting of jquery or whatever is just more tracking, and nothing any site can't do itself.

-Renegade (August 17, 2013, 08:57 PM)

Yes, you can do it yourself, but by tapping into the codebase that google provides, you save yourself quite a bit of maintenance, which points to what it provides for the end user in those cases; using a shared library means that if there are any security updates, the sites that use the codebase directly from there are exposed for less time.

Not agreeing one way or the other... just pointing that out.

-wraith808 (August 17, 2013, 09:10 PM)

They certainly add value for site operators.

But for things like shared libraries stored on high-bandwidth CDNs and whatever, any benefit for the user is marginal. If a site can't load the 43 kb of jquery in addition to the images and everything else from the site, a CDN for jquery isn't going to help at all. For security, well, that's a two-edged sword. Users have less security and less privacy to start with by virtue of sites using shared libraries, so how does that balance out? My bet is that the small worry of an exploit in jquery (or whatever) is by far outweighed by the guaranteed loss of security and privacy from shared libraries.

I guess this goes back to all those fights we saw a decade or so ago about cookies and privacy. The pro-cookie side cited technical functionality while the anti-cookie side looked at the bigger picture. The big picture seems to be more important today, or perhaps it might be better to say "more obvious today".

[mwb1100]

Probably not. I've blocked a lot of Google domains at the DNS level, and they all work just fine. Google really adds no value to any site for any user.

-Renegade (August 17, 2013, 12:19 PM)

Blocking at DNS may behave differently than DNS directing a request a server that doesn't respond in a timely manner.  In the first case things fail fast, in the second case things might take a looong time to fail, making the site load slowly or not at all.  That was my experience during the Google blackout.  I was thinking of loading my hosts file into an editor and adding the various DNS names that seemed to be causing my browser to stall to resolve to localhost or something, but I figured it would be more effort than just waiting out the problem.

Whether there's value or not in the Google service is a separate issue (and the value is often to the website, not the reader).

[4wd]

I was thinking of loading my hosts file into an editor and adding the various DNS names that seemed to be causing my browser to stall to resolve to localhost or something, but I figured it would be more effort than just waiting out the problem.

-mwb1100 (August 18, 2013, 11:49 PM)

I use the hosts file from MVPS which has a lot of Google stuff in it - I've used it for almost a year and it doesn't seem to have affected normal browsing.

(I've now implemented it into my router so it applies to anything that connects to the internet in my house.)

Excerpt

# [Google Inc]
127.0.0.1  domains.googlesyndication.com #[Parking Service]
127.0.0.1  pagead2.googlesyndication.com #[Google AdWords]
127.0.0.1  video-stats.video.google.com
127.0.0.1  ssl.google-analytics.com
127.0.0.1  google-analytics.com
127.0.0.1  www.google-analytics.com #[Google Analytics]
127.0.0.1  4.afs.googleadservices.com
127.0.0.1  pagead2.googleadservices.com
127.0.0.1  partner.googleadservices.com
127.0.0.1  www.googleadservices.com
127.0.0.1  apps5.oingo.com #[Microsoft.Typo-Patrol]
127.0.0.1  www.appliedsemantics.com
127.0.0.1  service.urchin.com #[Urchin Tracking Module]
# [Google][AS15169][108.170.192.0 - 108.170.255.255]
127.0.0.1  bec.px.invitemedia.com
127.0.0.1  conversion-pixel.invitemedia.com
# [Google / DoubleClick][AS15169][173.194.0.0 - 173.194.255.255]
127.0.0.1  dp.g.doubleclick.net
# [Google / DoubleClick][AS15169][209.85.128.0 - 209.85.255.255]
127.0.0.1  analytics-api-samples.googlecode.com #[Google Analytics social tracking]
# [Google / DoubleClick][AS15169][64.233.160.0 - 64.233.191.255]
127.0.0.1  m1.2mdn.net #[a509.cd.akamai.net]
127.0.0.1  rmcdn.2mdn.net
127.0.0.1  rmcdn.f.2mdn.net
127.0.0.1  n339.asp-cc.com
127.0.0.1  ads.cc-dt.com
127.0.0.1  clickserve.cc-dt.com
127.0.0.1  creative.cc-dt.com
127.0.0.1  clickserve.dartsearch.net
127.0.0.1  clickserve.eu.dartsearch.net
127.0.0.1  clickserve.uk.dartsearch.net
127.0.0.1  doubleclick.net
127.0.0.1  ad.doubleclick.net #[MVPS.Criteria]
127.0.0.1  ad-g.doubleclick.net
127.0.0.1  ad2.doubleclick.net
127.0.0.1  ad.ae.doubleclick.net
127.0.0.1  ad.ar.doubleclick.net
127.0.0.1  ad.at.doubleclick.net
127.0.0.1  ad.au.doubleclick.net
127.0.0.1  ad.be.doubleclick.net
127.0.0.1  ad.br.doubleclick.net
127.0.0.1  ad.ca.doubleclick.net
127.0.0.1  ad.ch.doubleclick.net
127.0.0.1  ad.cl.doubleclick.net
127.0.0.1  ad.cn.doubleclick.net
127.0.0.1  ad.de.doubleclick.net #[Tracking.Cookie]
127.0.0.1  ad.dk.doubleclick.net
127.0.0.1  ad.es.doubleclick.net
127.0.0.1  ad.fi.doubleclick.net
127.0.0.1  ad.fr.doubleclick.net
127.0.0.1  ad.gr.doubleclick.net
127.0.0.1  ad.hk.doubleclick.net
127.0.0.1  ad.hr.doubleclick.net
127.0.0.1  ad.hu.doubleclick.net
127.0.0.1  ad.ie.doubleclick.net
127.0.0.1  ad.in.doubleclick.net
127.0.0.1  ad.jp.doubleclick.net
127.0.0.1  ad.kr.doubleclick.net
127.0.0.1  ad.it.doubleclick.net
127.0.0.1  ad.nl.doubleclick.net
127.0.0.1  ad.no.doubleclick.net
127.0.0.1  ad.nz.doubleclick.net
127.0.0.1  ad.pl.doubleclick.net
127.0.0.1  ad.pt.doubleclick.net
127.0.0.1  ad.ro.doubleclick.net
127.0.0.1  ad.ru.doubleclick.net
127.0.0.1  ad.se.doubleclick.net
127.0.0.1  ad.sg.doubleclick.net
127.0.0.1  ad.si.doubleclick.net
127.0.0.1  ad.terra.doubleclick.net
127.0.0.1  ad.th.doubleclick.net
127.0.0.1  ad.tw.doubleclick.net
127.0.0.1  ad.uk.doubleclick.net
127.0.0.1  ad.us.doubleclick.net
127.0.0.1  ad.za.doubleclick.net
127.0.0.1  ad.n2434.doubleclick.net
127.0.0.1  ad-emea.doubleclick.net
127.0.0.1  creatives.doubleclick.net
127.0.0.1  dfp.doubleclick.net
127.0.0.1  feedads.g.doubleclick.net
127.0.0.1  fls.doubleclick.net
127.0.0.1  fls.uk.doubleclick.net
127.0.0.1  googleads.g.doubleclick.net #[pagead-dclk.l.google.com]
127.0.0.1  ir.doubleclick.net
127.0.0.1  iv.doubleclick.net
127.0.0.1  m.doubleclick.net
127.0.0.1  motifcdn.doubleclick.net
127.0.0.1  motifcdn2.doubleclick.net
127.0.0.1  n4052ad.doubleclick.net
127.0.0.1  n4403ad.doubleclick.net
127.0.0.1  n479ad.doubleclick.net
127.0.0.1  paypalssl.doubleclick.net
127.0.0.1  pubads.g.doubleclick.net
127.0.0.1  s2.video.doubleclick.net
127.0.0.1  survey.g.doubleclick.net
127.0.0.1  doubleclick.ne.jp
127.0.0.1  www3.doubleclick.net
127.0.0.1  www.doubleclick.net
127.0.0.1  doubleclick.com
127.0.0.1  www2.doubleclick.com
127.0.0.1  www3.doubleclick.com
127.0.0.1  www.doubleclick.com
127.0.0.1  tpc.googlesyndication.com
# 127.0.0.1  www.youtube-nocookie.com #[affects various videos]
# [Google / DoubleClick][AS15169][66.249.64.0 - 66.249.95.255]
127.0.0.1  ad.rs.doubleclick.net
# [Google / DoubleClick][AS15169][72.14.192.0 - 72.14.255.255]
127.0.0.1  affiliate.2mdn.net
# 127.0.0.1  s0.2mdn.net #[affects video stream]
# 127.0.0.1  static.2mdn.net #[affects Youtube]
127.0.0.1  clickserve.us2.dartsearch.net #[www3.l.google.com]
127.0.0.1  ad-apac.doubleclick.net
127.0.0.1  ad.mo.doubleclick.net
127.0.0.1  adclick.g.doubleclick.net
127.0.0.1  gan.doubleclick.net
127.0.0.1  googleads2.g.doubleclick.net
127.0.0.1  n4061ad.hk.doubleclick.net
127.0.0.1  securepubads.g.doubleclick.net
# [Google / DoubleClick][AS15169][74.125.0.0 - 74.125.255.255]
127.0.0.1  ad-ace.doubleclick.net
127.0.0.1  ad.bg.doubleclick.net
127.0.0.1  cm.g.doubleclick.net
127.0.0.1  stats.g.doubleclick.net
127.0.0.1  fls.au.doubleclick.net
127.0.0.1  log2.quintelligence.com
# [Google / DoubleClick][AS6432][216.73.80.0 - 216.73.95.255]
127.0.0.1  www.destinationurl.com
127.0.0.1  doubleclick.shockwave.com
127.0.0.1  www3.webhostingtalk.com #[ad.3ad.doubleclick.net]

[Renegade]

Whether there's value or not in the Google service is a separate issue (and the value is often to the website, not the reader).

-mwb1100 (August 18, 2013, 11:49 PM)

It certainly helps web site operators. I don't think that's in dispute. I just can't see any net benefit to users.

[IainB]

What a surprise! (NOT)

Snowden leaks: UK has secret Middle-East web surveillance base collecting emails, phone calls and web traffic

Image: Edward Snowden

BY DUNCAN CAMPBELL , OLIVER WRIGHT, JAMES CUSICK, KIM SENGUPTA – 23 August 2013
Britain runs a secret Middle East-based listening post collecting vast quantities of emails, telephone calls and web traffic on behalf of Western intelligence agencies.

The station is able to tap into and extract data from the underwater fibre-optic cables passing through the region.

The information is then processed for intelligence and passed to GCHQ in Cheltenham and shared with the National Security Agency (NSA) in the United States. The Government claims the station is a key element in the West’s “war on terror” and provides a vital “early warning” system for potential attacks around the world.

The Independent is not revealing the precise location of the station but information on its activities was contained in the leaked documents obtained from the NSA by Edward Snowden. The Guardian newspaper’s reporting on these documents in recent months has sparked a dispute with the Government, with GCHQ security experts overseeing the destruction of hard drives containing the data.

The Middle East installation is regarded as particularly valuable by the British and Americans because it can access submarine cables passing through the region. All of the messages and data passed back and forth on the cables is copied into giant computer storage “buffers” and then sifted for data of special interest.

Information about the project was contained in 50,000 GCHQ documents that Mr Snowden downloaded during 2012. Many of them came from an internal Wikipedia-style information site called GC-Wiki. Unlike the public Wikipedia, GCHQ’s wiki was generally classified Top Secret  or above.

The disclosure comes as the Metropolitan Police announced it was launching a terrorism investigation into material found on the computer of David Miranda, the Brazilian partner of The Guardian journalist Glenn Greenwald – who is at the centre of the Snowden controversy.

Scotland Yard said material examined so far from the computer of Mr Miranda was “highly sensitive”, the disclosure of which “could put lives at risk”.

The Independent understands that The Guardian agreed to the Government’s request not to publish any material contained in the Snowden documents that could damage national security.

As well as destroying a computer containing one copy of the Snowden files, the paper’s editor, Alan Rusbridger, agreed to restrict the newspaper’s reporting of the documents.

The Government also demanded that the paper not publish details of how UK telecoms firms, including BT and Vodafone, were secretly collaborating with GCHQ to intercept the vast majority of all internet traffic entering the country. The paper had details of the highly controversial and secret programme for over a month. But it only published information on the scheme – which involved paying the companies to tap into fibre-optic cables entering Britain – after the allegations appeared in the German newspaper Süddeutsche Zeitung. A Guardian spokeswoman refused to comment on any deal with the Government.

A senior Whitehall source said: “We agreed with The Guardian that our  discussions with them would remain confidential”.

But there are fears in Government that Mr Greenwald – who still has access to the files – could attempt to release damaging information.

He said after the arrest of Mr Miranda: “I will be far more aggressive in my reporting from now. I am going to publish many more documents. I have many more documents on England’s spy system. I think  they will be sorry for what they did.”

One of the areas of concern in Whitehall is that details of the Middle East spying base which could identify its location could enter the public domain.

The data-gathering operation is part of a £1bn internet project still being assembled by GCHQ. It is part of the surveillance and monitoring system, code-named “Tempora”, whose wider aim is the global interception of digital communications, such as emails and text messages.

Across three sites, communications – including telephone calls – are tracked both by satellite dishes and by tapping into underwater fibre-optic cables.

Access to Middle East traffic has become critical to both US and UK intelligence agencies post-9/11. The Maryland headquarters of the NSA and the Defence Department in Washington have pushed for greater co-operation and technology sharing between US and UK intelligence agencies.

The Middle East station was set up under a warrant signed by the then Foreign Secretary David Miliband, authorising GCHQ to monitor and store for analysis data passing through the network of fibre-optic cables that link up the internet around the world

The certificate authorised GCHQ to collect information about the “political intentions of foreign powers”, terrorism, proliferation, mercenaries and private military companies, and serious financial fraud.

However, the certificates are reissued every six months and can be changed by ministers at will. GCHQ officials are then free to target anyone who is overseas or communicating from overseas without further checks or controls if they think they fall within the terms of a current certificate.

The precise budget for this expensive covert technology is regarded as sensitive by the Ministry of Defence and the Foreign Office.

However, the scale of Middle East operation, and GCHQ’s increasing use of sub-sea technology to intercept communications along high-capacity cables, suggest a substantial investment.

Intelligence sources have denied the aim is a blanket gathering of all communications, insisting the operation is targeted at security, terror and organised crime.