Google disappears for Irish internet users – but was it a nameserver hack or admin screwup?

Google Ireland logoThousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.

Whether this was the result of a malicious hack or an admin screwup is as yet uncertain, but the danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups.

Many Irish users turned to social networking sites to describe how they were unable to access google.ie.

Irish internet users note the disappearance of Google.ie

Sign up to our free newsletter.
Security news, advice, and tips.

For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers called farahatz.net, apparently based in Indonesia.

[source gutter=”false”] domain: google.ie
descr: Google, Inc
descr: Body Corporate (Ltd,PLC,Company)
descr: Registered Trade Mark Name
admin-c: KR59-IEDR
tech-c: CCA7-IEDR
registration: 21-March-2002
renewal: 21-March-2013
status: Active
nserver: ns1.farahatz.net
nserver: ns2.farahatz.net
source: IEDR

person: Kulpreet Rana
nic-hdl: KR59-IEDR
source: IEDR

person: eMarkmonitor Inc
nic-hdl: CCA7-IEDR
source: IEDR
[/source]

The question is – who changed Google.ie’s name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR’s systems and make the change to hijack traffic for their own criminal ends?

Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change – someone else might have been simply using their name.

Biography of Mr Kulpreet Rana

Robtex provides an interesting graphic showing other websites that use the same nameserver (ns1.farahatz.net):

Sites using farahatz.net as a nameserver

It will be interesting to see what – if anything – Google, the IEDR or MarkMonitor has to say about this. We’ll update this post with more information as it becomes available.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.