Google.ie hijacked NOT hacked

Google.ie down?

If like us you were online at any point yesterday and tried to use www.google.ie you may have noticed it was inaccessible. We did too. Initially it was fobbed off as a run of the mill website malfunction or server issue but as the day wore on concerns rose.

Realising there was an issue that wasn’t going away anytime soon, an email went around the Lucidity Digital HQ.

Google.ie website error workaround

This worked for a period but many of my colleagues reported that they had absolutely no access to their Gmail accounts. Shortly before 6pm Google reported this to Newstalk, ‘we are aware that some users are having difficulties accessing www.google.ie and we are working to fix the problem”. What they didn’t mention was that this was not a regular snag but rather foul play. It has since emerged that Google.ie weren’t alone, Yahoo.ie also experienced inaccessibility problems.
When we went to access the IEDR website we found this. That message is still being displayed today.

IEDR website error Ireland domain registry

When the Irish Domain Registry (IEDR) was contacted about the issue they had this to say, “The consequence of the change is that visitors to the two websites would be redirected to an allegedly fraudulent address. The IEDR worked with the Registrar to ensure that the nameserver records have been corrected”.
Those names have indeed been corrected and Google.ie is now back and running but is that good enough? What questions now arise of the security of Ireland Domain Registry?
Normally Google uses three backup servers which we have listed below:

Google nameserver

At the time of the incident those nameservers changed to this:

Google nameserver error

Spot the difference?

figure 1

When our team had a look behind the scenes to see who was responsible for the nameserver farahatz.net, (the nameserver that was being used when the initial error occurred), this is what we found.

Farahatz nameserver redirect Indonesia

The Google domain was being redirected to an address in Jakarta Indonesia.

Now for the complicated stuff. The DNS (domain name system) was not hacked but rather hijacked. This is the term used when the nameserver is altered. Due to the fact Google did not issue the change, we at Lucidity can only speculate that someone in IEDR made the error or that the domain registry were in fact hacked.

The IEDR are calling the incident an ‘unauthorised change’ but issues surrounding the security of the Irish domain registry will be heavily scrutinised now.

Do you have a .IE domain? Does this incident worry you?

We will update this story as things unfold.

Leave your thoughts and comments.

figure 1 [source: www.technology.ie]

I am still unable to access google.ie. It changes to Google. com with a page that does not have news dropdowns as an example. I have to go to a different location to access local news. This only applies to my smartphone

Jerry O'Leary | 13 October 2012 16:11

Hi Jerry, thanks for your comment, please make sure you are signed into your Google account and change your preferences to Google.ie.
The url should change to https://Google.ie.

Please let us know if that works for you.

Luis | 15 October 2012 11:26

Blog

Google.ie hijacked NOT hacked

Google.ie down?

Comments

Post a Comment