Google.ie hijacked NOT hacked
10 October 2012 12:47 | Posted by Philip
If, like us, you were online at any point yesterday and tried to use www.google.ie, you may have noticed it was inaccessible. We did too. Initially it was fobbed off as a run-of-the-mill website malfunction or server issue, but as the day wore on concerns rose.
Realising there was an issue that wasn’t going away anytime soon, an email went around the Lucidity Digital HQ.
This worked for a period, but many of my colleagues reported that they had absolutely no access to their Gmail accounts. Shortly before 6pm Google reported this to Newstalk: “we are aware that some users are having difficulties accessing www.google.ie and we are working to fix the problem”. What they didn’t mention was that this was not a regular snag but rather foul play. It has since emerged that Google.ie wasn’t alone; Yahoo.ie also experienced inaccessibility problems.
When we went to access the IEDR website we found this. That message is still being displayed today.
When the Irish Domain Registry (IEDR) was contacted about the issue they had this to say, “The consequence of the change is that visitors to the two websites would be redirected to an allegedly fraudulent address. The IEDR worked with the Registrar to ensure that the nameserver records have been corrected”.
Those names have indeed been corrected and Google.ie is now back up and running, but is that good enough? What questions now arise about the security of the Ireland Domain Registry?
Normally Google uses three backup servers which we have listed below:
At the time of the incident those nameservers changed to this:
Spot the difference?
When our team had a look behind the scenes to see who was responsible for the nameserver farahatz.net (the nameserver that was being used when the initial error occurred), this is what we found.
The Google domain was being redirected to an address in Jakarta, Indonesia.
Now for the complicated stuff. The DNS (Domain Name System) was not hacked but rather hijacked. This is the term used when a domain's nameserver records are altered. Because Google did not issue the change, we at Lucidity can only speculate that someone in IEDR made the error or that the domain registry was in fact hacked.
The IEDR are calling the incident an ‘unauthorised change’ but issues surrounding the security of the Irish domain registry will be heavily scrutinised now.
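A domain owner can catch this kind of nameserver change by regularly comparing the NS records a resolver returns with an approved baseline. The following is an added example, not code from the original post; the nameserver hostnames and function names are constructed for illustration, and the parent-zone check assumes two-label suffixes.

```python
# Added example: detect nameserver (NS) delegation drift for a domain.
# All nameserver hostnames below are constructed samples, not real records.

BASELINE = {"ns1.dns-provider.example", "ns2.dns-provider.example",
            "ns3.dns-provider.example"}

# Constructed resolver output, one hostname per line (as `dig +short NS` prints).
NORMAL_OUTPUT = "NS1.dns-provider.example.\nns2.dns-provider.example.\nns3.dns-provider.example.\n"
HIJACKED_OUTPUT = "ns1.unknown-host.test.\nns2.unknown-host.test.\n"

def normalize(ns):
    """Lower-case a hostname and drop whitespace and the trailing root dot."""
    return ns.strip().lower().rstrip(".")

def parse_ns_lines(text):
    """Turn one-hostname-per-line resolver output into a normalized set."""
    return {normalize(line) for line in text.splitlines() if line.strip()}

def parent_zone(host, labels=2):
    """Naive parent zone: the last `labels` labels (assumption, see lead-in)."""
    return ".".join(host.split(".")[-labels:])

def check_delegation(baseline, observed):
    """Compare the observed NS set with the approved baseline and grade it."""
    baseline = {normalize(n) for n in baseline}
    observed = {normalize(n) for n in observed}
    added = sorted(observed - baseline)
    removed = sorted(baseline - observed)
    trusted = {parent_zone(n) for n in baseline}
    # Nameservers under a zone the owner never used are the strongest signal.
    foreign = [n for n in added if parent_zone(n) not in trusted]
    if not observed:
        status = "no-data"      # lookup failed; do not treat as healthy
    elif foreign:
        status = "critical"     # delegation points at an unapproved operator
    elif added or removed:
        status = "changed"      # same operator, but the set differs
    else:
        status = "ok"
    return {"status": status, "added": added,
            "removed": removed, "foreign": foreign}

if __name__ == "__main__":
    for label, output in (("normal", NORMAL_OUTPUT), ("hijacked", HIJACKED_OUTPUT)):
        print(label, check_delegation(BASELINE, parse_ns_lines(output)))
```

Run on a schedule from a resolver outside your own network, a check like this raises an alert as soon as the delegation differs from the approved set.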
Do you have a .IE domain? Does this incident worry you?
We will update this story as things unfold.
Leave your thoughts and comments.
figure 1 [source: www.technology.ie]