Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

Filed Under: Featured, Google, Malware, Vulnerability

Google Ireland logoThousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for began to point to a third-party server based in Indonesia.

Whether this was the result of a malicious hack or an admin screwup is as yet uncertain, but the danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups.

Many Irish users turned to social networking sites to describe how they were unable to access

Irish internet users note the disappearance of

For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers called, apparently based in Indonesia.

descr:        Google, Inc
descr:        Body Corporate (Ltd,PLC,Company)
descr:        Registered Trade Mark Name
admin-c:      KR59-IEDR
tech-c:       CCA7-IEDR
registration: 21-March-2002
renewal:      21-March-2013
status:       Active
source:       IEDR

person:       Kulpreet Rana
nic-hdl:      KR59-IEDR
source:       IEDR

person:       eMarkmonitor Inc
nic-hdl:      CCA7-IEDR
source:       IEDR

The question is - who changed's name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR's systems and make the change to hijack traffic for their own criminal ends?

Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change - someone else might have been simply using their name.

Biography of Mr Kulpreet Rana

Robtex provides an interesting graphic showing other websites that use the same nameserver (

Sites using as a nameserver

It will be interesting to see what - if anything - Google, the IEDR or MarkMonitor has to say about this. We'll update this post with more information as it becomes available.

, , , , , , , , ,

You might like

One Response to Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

  1. Vijay · 1087 days ago

    It appears (and were "hijacked" according to The Register:

    There is also a notice on IEDR's web site about a security incident:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley