Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

Filed Under: Featured, Google, Malware, Vulnerability

Google Ireland logoThousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.

Whether this was the result of a malicious hack or an admin screwup is as yet uncertain, but the danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups.

Many Irish users turned to social networking sites to describe how they were unable to access google.ie.

Irish internet users note the disappearance of Google.ie

For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers called farahatz.net, apparently based in Indonesia.

domain:       google.ie
descr:        Google, Inc
descr:        Body Corporate (Ltd,PLC,Company)
descr:        Registered Trade Mark Name
admin-c:      KR59-IEDR
tech-c:       CCA7-IEDR
registration: 21-March-2002
renewal:      21-March-2013
status:       Active
nserver:      ns1.farahatz.net  
nserver:      ns2.farahatz.net  
source:       IEDR

person:       Kulpreet Rana
nic-hdl:      KR59-IEDR
source:       IEDR

person:       eMarkmonitor Inc
nic-hdl:      CCA7-IEDR
source:       IEDR

The question is - who changed Google.ie's name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR's systems and make the change to hijack traffic for their own criminal ends?

Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change - someone else might have been simply using their name.

Biography of Mr Kulpreet Rana

Robtex provides an interesting graphic showing other websites that use the same nameserver (ns1.farahatz.net):

Sites using farahatz.net as a nameserver

It will be interesting to see what - if anything - Google, the IEDR or MarkMonitor has to say about this. We'll update this post with more information as it becomes available.

, , , , , , , , ,

You might like

One Response to Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

  1. Vijay · 559 days ago

    It appears Googe.ie (and yahoo.ie) were "hijacked" according to The Register: http://www.theregister.co.uk/2012/10/10/google_an...

    There is also a notice on IEDR's web site about a security incident: http://www.domainregistry.ie/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.