Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

Filed Under: Featured, Google, Malware, Vulnerability

Google Ireland logoThousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.

Whether this was the result of a malicious hack or an admin screwup is as yet uncertain, but the danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups.

Many Irish users turned to social networking sites to describe how they were unable to access google.ie.

Irish internet users note the disappearance of Google.ie

For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers called farahatz.net, apparently based in Indonesia.

domain:       google.ie
descr:        Google, Inc
descr:        Body Corporate (Ltd,PLC,Company)
descr:        Registered Trade Mark Name
admin-c:      KR59-IEDR
tech-c:       CCA7-IEDR
registration: 21-March-2002
renewal:      21-March-2013
status:       Active
nserver:      ns1.farahatz.net  
nserver:      ns2.farahatz.net  
source:       IEDR

person:       Kulpreet Rana
nic-hdl:      KR59-IEDR
source:       IEDR

person:       eMarkmonitor Inc
nic-hdl:      CCA7-IEDR
source:       IEDR

The question is - who changed Google.ie's name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR's systems and make the change to hijack traffic for their own criminal ends?

Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change - someone else might have been simply using their name.

Biography of Mr Kulpreet Rana

Robtex provides an interesting graphic showing other websites that use the same nameserver (ns1.farahatz.net):

Sites using farahatz.net as a nameserver

It will be interesting to see what - if anything - Google, the IEDR or MarkMonitor has to say about this. We'll update this post with more information as it becomes available.

, , , , , , , , ,

You might like

One Response to Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

  1. Vijay · 991 days ago

    It appears Googe.ie (and yahoo.ie) were "hijacked" according to The Register: http://www.theregister.co.uk/2012/10/10/google_an...

    There is also a notice on IEDR's web site about a security incident: http://www.domainregistry.ie/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.