Google And Yahoo Domains Hijacked In Ireland

The Irish domains of both Google and Yahoo were temporarily knocked offline earlier this week after their domain name server records were changed in a serious security breach.

The incident occurred Tuesday when the DNS name server records of both domains were changed after a registrar’s account was accessed without authorisation, according to the IE Domain Registry (IEDR). The registrar was identified as MarkMonitor.

Serious Questions

As a result of an investigation by IEDR and third-party experts, IEDR temporarily took external web-based systems offline in order to perform additional analysis. The Whois service and the IEDR’s API however are fully operational, meaning the registrars accounting for more than two-thirds of .ie domains were largely unaffected by the interruption. Public access to .ie websites or email is also unaffected, IEDR explained today.

“Serious questions are being raised about how this breach occurred,” IEDR noted Wednesday in a separate blog post. “Security experts have suggested that the login details for the IEDR registrar’s console may have been ‘socially engineered’, for example if a hacker pretended to represent MarkMonitor and manipulated the IEDR into providing login details to the Registrar console website (where DNS nameservers are configured).”

MarkMonitor did not offer much in the way of details about the incident.

“As you know, the topic of ccTLD security has been discussed by the domain naming system community because of these types of breaches,” MarkMonitor spokesperson Te Smith said in a statement. “As policy, MarkMonitor does not comment on specific domain name security breaches. We recommend that all TLDs implement best practices security measures like those in use by Verisign.COM, Neustar .BIZ and the Puerto Rico.PR registries.”

In January, hackers in the Anonymous collective hijacked the domain name system record for CBS.com and redirected traffic to another Web server that displayed an empty directory structure, making it appear as though the contents of CBS.com had been erased. CBS.com eventually regained control of the domain.

Domain Hijack

According to IEDR, in the case of Google and Yahoo, the records were modified to point to DNS name servers in Indonesia that have been linked to well-known hacking sites – making it possible that some visitors to Google.ie and Yahoo.ie may have been taken to fraudulent versions of those sites. Graham Cluley, senior technology consultant at Sophos, identified the Indonesian name servers as belonging to farahatz.net.

According to Cluley, an attacker could have for example potentially taken users to a bogus version of Google “and infected them with malware or distributed advertising pop-ups.”

In statements to ZDNET, both Google and Yahoo acknowledged the situation and apologised to users. “We are aware that Yahoo.ie was inaccessible to some users in Ireland,” a Yahoo spokesperson told ZDNET. “This issue is resolved and we apologise [sic] for any inconvenience this may have caused.”

According to IEDR, police have been notified about the situation.

Is Internet knowledge your domain? Take our quiz!

Originally published on eWeek.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

View Comments

  • Haha - you are right, "apologise" is correct. However, not for Brian Prince the writer of the story, who is from our US partner eWEEK.

    Like all US writers, Brian spells all words like "apologise" with a z. We go through and change the z's for s's when using their stories on our site.

    In this instance, we may as well leave the [sic] in place, or this comment won't make any sense to anyone. Or perhaps we could add another [sic] after Brian's [sic].

    Whatever.

    If anyone is still bothered, we can only apologize. Sorry, apologise.

    Peter Judge

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago