Thousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.
Whether this was the result of a malicious hack or an admin screwup is as yet uncertain. The danger is that, if a malicious party was responsible for the change, they could have taken users to a bogus Google website and infected them with malware or served them advertising pop-ups.
Many Irish users turned to social networking sites to describe how they were unable to access google.ie.
For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers under farahatz.net, apparently based in Indonesia.
domain: google.ie
descr: Google, Inc
descr: Body Corporate (Ltd,PLC,Company)
descr: Registered Trade Mark Name
admin-c: KR59-IEDR
tech-c: CCA7-IEDR
registration: 21-March-2002
renewal: 21-March-2013
status: Active
nserver: ns1.farahatz.net
nserver: ns2.farahatz.net
source: IEDR

person: Kulpreet Rana
nic-hdl: KR59-IEDR
source: IEDR

person: eMarkmonitor Inc
nic-hdl: CCA7-IEDR
source: IEDR
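A domain owner can catch this kind of delegation change by comparing the registry's nserver entries against a baseline kept on file. The sketch below is an added example, not part of the original post or any IEDR tooling: it parses a record in the format shown above and reports drift. The baseline nameservers and the allowed parent zone are assumptions chosen for illustration.

```python
"""Nameserver drift check for an IEDR-style WHOIS record (added example)."""

# Fields from the record published in the post, one "key: value" per line.
OBSERVED_RECORD = """\
domain: google.ie
status: Active
nserver: ns1.farahatz.net
nserver: ns2.farahatz.net
source: IEDR

person: Kulpreet Rana
nic-hdl: KR59-IEDR
source: IEDR
"""

# ASSUMPTION: the baseline the domain owner keeps on file (not from the post).
EXPECTED_NS = {"ns1.google.com", "ns2.google.com",
               "ns3.google.com", "ns4.google.com"}
ALLOWED_PARENTS = ("google.com",)

def parse_objects(text):
    """Split a WHOIS reply into objects; 'domain' or 'person' starts one."""
    objects = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key in ("domain", "person") or not objects:
            objects.append({})
        objects[-1].setdefault(key, []).append(value)
    return objects

def normalise(host):
    """Lower-case, drop a trailing dot and any glue address after the name."""
    tokens = host.split()
    return tokens[0].rstrip(".").lower() if tokens else ""

def nameserver_drift(text, domain, expected, allowed_parents):
    """Compare the record's nserver set with the baseline for one domain."""
    wanted = {normalise(h) for h in expected}
    for obj in parse_objects(text):
        if normalise(domain) in [normalise(d) for d in obj.get("domain", [])]:
            seen = {normalise(h) for h in obj.get("nserver", [])}
            break
    else:
        raise LookupError(f"no domain object for {domain}")
    outside = sorted(h for h in seen if not any(
        h == p or h.endswith("." + p) for p in allowed_parents))
    return {"unexpected": sorted(seen - wanted),
            "missing": sorted(wanted - seen),
            "outside_allowed_zones": outside}

if __name__ == "__main__":
    print(nameserver_drift(OBSERVED_RECORD, "google.ie", EXPECTED_NS, ALLOWED_PARENTS))
```

Any non-empty "unexpected" or "outside_allowed_zones" list is worth an alert, since a legitimate nameserver change would normally be preceded by an update to the baseline.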
The question is – who changed Google.ie’s name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR’s systems and make the change to hijack traffic for their own criminal ends?
Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change – someone else might have been simply using their name.
Robtex provides an interesting graphic showing other websites that use the same nameserver (ns1.farahatz.net):
It will be interesting to see what – if anything – Google, the IEDR or MarkMonitor has to say about this. We’ll update this post with more information as it becomes available.
It appears Google.ie (and yahoo.ie) were "hijacked" according to The Register: http://www.theregister.co.uk/2012/10/10/google_an…
There is also a notice on IEDR's web site about a security incident: http://www.domainregistry.ie/