Turkish ISPs Set Up Fake Google DNS Servers

Google has confirmed its Domain Name System (DNS) service has been intercepted by internet providers in Turkey, amidst increasing censorship in the country.

DNS servers act as Internet phone books, translating web addresses such as techweekeurope.com into IP addresses like 178.32.54.141. The action taken by Turkish ISPs, where they have set up fake Google DNS servers, could allow them to serve users with fake websites, which could either be malicious or simply convey misleading information.

Google DNS and Turkish censorship

“Google operates DNS servers because we believe that you should be able to quickly and securely make your way to whatever host you’re looking for, be it YouTube, Twitter, or any other,” said Steven Carstensen, a Google software engineer, in a blog post on Saturday 29 March.

“But imagine if someone had changed out your phone book with another one, which looks pretty much the same as before, except that the listings for a few people showed the wrong phone number. That’s essentially what’s happened: Turkish ISPs have set up servers that masquerade as Google’s DNS service.”

Google had already seen its YouTube property blocked in Turkey last week, after reports indicated the site was hosting a video of a meeting of security officials discussing possible military action in Syria.

Micro-blogging service Twitter was also blocked the previous week. Turkish Prime Minister Recep Tayyip Erdogan claimed false rumours of a corruption scandal involving high-ranking government officials were being spread across Twitter just days ahead of an election, which took place on 30 March. A Turkish court overturned the Twitter ban last week.

Erdogan has claimed victory in the election, promising to make his political enemies pay for accusing him of corruption and leaked state secrets.

The Electronic Frontier Foundation (EFF) has urged users in Turkey to run the Tor Browser to avoid any censorship efforts. The Tor Project’s website was blocked, but a host of mirror sites still allowed for downloads.

But it had a warning over the potential dissemination of fake, malicious versions of the Tor Browser. “When the official distribution channel for a security or censorship circumvention tool is blocked, there is a very real danger of fake or backdoored copies of the tool being distributed under the guise of real tools,” the EFF said.

“Be sure to download your tools only from websites using HTTPS, and only from trusted sources such as the sites on this list. Beware of software which is distributed via IM, Skype message, or email, as well as links posted to Facebook groups.

Are you a security pro? Try our quiz!