Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

by Graham Cluley on October 9, 2012 | 1 Comment

Filed Under: Featured, Google, Malware, Vulnerability

Google Ireland logoThousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.

Whether this was the result of a malicious hack or an admin screwup is as yet uncertain, but the danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups.

Many Irish users turned to social networking sites to describe how they were unable to access google.ie.

Irish internet users note the disappearance of Google.ie

For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers called farahatz.net, apparently based in Indonesia.

domain:       google.ie
descr:        Google, Inc
descr:        Body Corporate (Ltd,PLC,Company)
descr:        Registered Trade Mark Name
admin-c:      KR59-IEDR
tech-c:       CCA7-IEDR
registration: 21-March-2002
renewal:      21-March-2013
status:       Active
nserver:      ns1.farahatz.net  
nserver:      ns2.farahatz.net  
source:       IEDR

person:       Kulpreet Rana
nic-hdl:      KR59-IEDR
source:       IEDR

person:       eMarkmonitor Inc
nic-hdl:      CCA7-IEDR
source:       IEDR

The question is - who changed Google.ie's name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR's systems and make the change to hijack traffic for their own criminal ends?

Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change - someone else might have been simply using their name.

Biography of Mr Kulpreet Rana

Robtex provides an interesting graphic showing other websites that use the same nameserver (ns1.farahatz.net):

Sites using farahatz.net as a nameserver

It will be interesting to see what - if anything - Google, the IEDR or MarkMonitor has to say about this. We'll update this post with more information as it becomes available.

Tags: , , , , , , , , ,

One Response to Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

  1. Vijay says:
    October 12, 2012 at 8:47 am

    It appears Googe.ie (and yahoo.ie) were "hijacked" according to The Register: http://www.theregister.co.uk/2012/10/10/google_an...

    There is also a notice on IEDR's web site about a security incident: http://www.domainregistry.ie/

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.