If you visited Google’s Malaysian website today, you might have had a big surprise.
Because rather than finding the familiar minimalist interface of the world’s favourite search engine, visitors to google.com.my would have seen this instead:
“Google Malaysia HackeD by Tiger-Mate #Bangladeshi HackeR”
Sounds bad, doesn’t it? Well, it’s certainly not great – but it’s not quite as bad as you might imagine.
Firstly, Google’s own servers have not been hacked and no data on their systems has been compromised.
Instead, it appears that hackers managed to redirect the DNS entry for google.com.my to a website of their own choosing.
DNS is the internet’s phone book, translating website URLs that people can remember (like google.com or amazon.co.uk) into numeric IP addresses that the net understands.
Of course, an unauthorised party changing Google’s DNS entry – even if only for the Malaysian branch of Google – could have been a very bad thing.
For instance, they could have planted a drive-by download designed to infect visiting computers on the bogus google.com.my, or the hackers could have created a fake version of the Google search engine which displayed results of their own choosing to earn them income (and perhaps might have been less obvious than the graffiti-style defacement they chose).
The Google Malaysia team tweeted out an advisory to affected users:
— Google Malaysia (@GoogleMsia) April 14, 2015
A spokesperson for the company told the Wall Street Journal that it was contacting MYNIC, the Malaysian government body that oversees all websites using the .my domain TLD:
“We’re aware that some users are having trouble connecting to google.com.my, or are being directed to a different website. We’ve reached out to the organization responsible for managing this domain name and hope to have the issue resolved shortly.”
The DNS redirection appears to have now been resolved, but there’s a bigger issue here – namely that this isn’t the first time that Google has suffered a similar attack.
In February, for instance, the notorious Lizard Squad hacking gang performed a similar stunt against Google Vietnam, in order to advertise their DDoS-for-hire service.
Clearly either Google is being careless with the passwords it uses to access its DNS records, or some of the organisations it has entrusted with managing its DNS records aren’t securing their systems properly.
If it’s the latter, then Google really may want to rethink having domains like google.com.my. Perhaps it is time for my.google.com instead?
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.