Turkish ISPs Set Up Fake Google DNS Servers

Google has confirmed its Domain Name System (DNS) service has been intercepted by internet providers in Turkey, amidst increasing censorship in the country.

DNS servers act as Internet phone books, translating web addresses such as techweekeurope.com into IP addresses like 178.32.54.141. The action taken by Turkish ISPs, where they have set up fake Google DNS servers, could allow them to serve users with fake websites, which could either be malicious or simply convey misleading information.

Google DNS and Turkish censorship

“Google operates DNS servers because we believe that you should be able to quickly and securely make your way to whatever host you’re looking for, be it YouTube, Twitter, or any other,” said Steven Carstensen, a Google software engineer, in a blog post on Saturday 29 March.

“But imagine if someone had changed out your phone book with another one, which looks pretty much the same as before, except that the listings for a few people showed the wrong phone number. That’s essentially what’s happened: Turkish ISPs have set up servers that masquerade as Google’s DNS service.”

Google had already seen its YouTube property blocked in Turkey last week, after reports indicated the site was hosting a video of a meeting of security officials discussing possible military action in Syria.

Micro-blogging service Twitter was also blocked the previous week. Turkish Prime Minister Recep Tayyip Erdogan claimed false rumours of a corruption scandal involving high-ranking government officials were being spread across Twitter just days ahead of an election, which took place on 30 March. A Turkish court overturned the Twitter ban last week.

Erdogan has claimed victory in the election, promising to make his political enemies pay for accusing him of corruption and leaked state secrets.

The Electronic Frontier Foundation (EFF) has urged users in Turkey to run the Tor Browser to avoid any censorship efforts. The Tor Project’s website was blocked, but a host of mirror sites still allowed for downloads.

But it had a warning over the potential dissemination of fake, malicious versions of the Tor Browser. “When the official distribution channel for a security or censorship circumvention tool is blocked, there is a very real danger of fake or backdoored copies of the tool being distributed under the guise of real tools,” the EFF said.

“Be sure to download your tools only from websites using HTTPS, and only from trusted sources such as the sites on this list. Beware of software which is distributed via IM, Skype message, or email, as well as links posted to Facebook groups.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

19 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

20 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

21 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago