Thousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.
Whether this was the result of a malicious hack or an admin screwup is as yet uncertain, but the danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups.
Many Irish users turned to social networking sites to describe how they were unable to access google.ie.
For a period of time, the IEDR (Irish Domain Registry) was incorrectly pointing users to nameservers called farahatz.net, apparently based in Indonesia.
[source gutter=”false”] domain: google.iedescr: Google, Inc
descr: Body Corporate (Ltd,PLC,Company)
descr: Registered Trade Mark Name
admin-c: KR59-IEDR
tech-c: CCA7-IEDR
registration: 21-March-2002
renewal: 21-March-2013
status: Active
nserver: ns1.farahatz.net
nserver: ns2.farahatz.net
source: IEDR
person: Kulpreet Rana
nic-hdl: KR59-IEDR
source: IEDR
person: eMarkmonitor Inc
nic-hdl: CCA7-IEDR
source: IEDR
[/source]
The question is – who changed Google.ie’s name server entry? Was it an authorised change, or did a malicious hacker gain access to IEDR’s systems and make the change to hijack traffic for their own criminal ends?
Interestingly, internet listings describe Kulpreet Rana as a director of intellectual property at Google. Of course, it may not have been the real Kulpreet Rana who was responsible for the change – someone else might have been simply using their name.
Robtex provides an interesting graphic showing other websites that use the same nameserver (ns1.farahatz.net):
It will be interesting to see what – if anything – Google, the IEDR or MarkMonitor has to say about this. We’ll update this post with more information as it becomes available.