Thousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.
Whether this was the result of a malicious hack or an admin screwup is as yet uncertain, but the danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups.
Many Irish users turned to social networking sites to describe how they were unable to access google.ie.
For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers called farahatz.net, apparently based in Indonesia.
domain: google.ie descr: Google, Inc descr: Body Corporate (Ltd,PLC,Company) descr: Registered Trade Mark Name admin-c: KR59-IEDR tech-c: CCA7-IEDR registration: 21-March-2002 renewal: 21-March-2013 status: Active nserver: ns1.farahatz.net nserver: ns2.farahatz.net source: IEDR person: Kulpreet Rana nic-hdl: KR59-IEDR source: IEDR person: eMarkmonitor Inc nic-hdl: CCA7-IEDR source: IEDR
The question is – who changed Google.ie’s name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR’s systems and make the change to hijack traffic for their own criminal ends?
Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change – someone else might have been simply using their name.
Robtex provides an interesting graphic showing other websites that use the same nameserver (ns1.farahatz.net):
It will be interesting to see what – if anything – Google, the IEDR or MarkMonitor has to say about this. We’ll update this post with more information as it becomes available.