The Irish domains of both Google and Yahoo were temporarily knocked offline earlier this week after their domain name server records were changed in a serious security breach.
The incident occurred Tuesday when the DNS name server records of both domains were changed after a registrar’s account was accessed without authorisation, according to the IE Domain Registry (IEDR). The registrar was identified as MarkMonitor.
As a result of an investigation by IEDR and third-party experts, IEDR temporarily took external web-based systems offline in order to perform additional analysis. The Whois service and the IEDR’s API however are fully operational, meaning the registrars accounting for more than two-thirds of .ie domains were largely unaffected by the interruption. Public access to .ie websites or email is also unaffected, IEDR explained today.
MarkMonitor did not offer much in the way of details about the incident.
“As you know, the topic of ccTLD security has been discussed by the domain naming system community because of these types of breaches,” MarkMonitor spokesperson Te Smith said in a statement. “As policy, MarkMonitor does not comment on specific domain name security breaches. We recommend that all TLDs implement best practices security measures like those in use by Verisign.COM, Neustar .BIZ and the Puerto Rico.PR registries.”
In January, hackers in the Anonymous collective hijacked the domain name system record for CBS.com and redirected traffic to another Web server that displayed an empty directory structure, making it appear as though the contents of CBS.com had been erased. CBS.com eventually regained control of the domain.
According to IEDR, in the case of Google and Yahoo, the records were modified to point to DNS name servers in Indonesia that have been linked to well-known hacking sites – making it possible that some visitors to Google.ie and Yahoo.ie may have been taken to fraudulent versions of those sites. Graham Cluley, senior technology consultant at Sophos, identified the Indonesian name servers as belonging to farahatz.net.
According to Cluley, an attacker could have for example potentially taken users to a bogus version of Google “and infected them with malware or distributed advertising pop-ups.”
In statements to ZDNET, both Google and Yahoo acknowledged the situation and apologised to users. “We are aware that Yahoo.ie was inaccessible to some users in Ireland,” a Yahoo spokesperson told ZDNET. “This issue is resolved and we apologise [sic] for any inconvenience this may have caused.”
According to IEDR, police have been notified about the situation.
Is Internet knowledge your domain? Take our quiz!
Originally published on eWeek.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
Why the [sic] after "apologise" ? That is the correct spelling.
Haha - you are right, "apologise" is correct. However, not for Brian Prince the writer of the story, who is from our US partner eWEEK.
Like all US writers, Brian spells all words like "apologise" with a z. We go through and change the z's for s's when using their stories on our site.
In this instance, we may as well leave the [sic] in place, or this comment won't make any sense to anyone. Or perhaps we could add another [sic] after Brian's [sic].
Whatever.
If anyone is still bothered, we can only apologize. Sorry, apologise.
Peter Judge