Feeds

Google AND Yahoo! hijacked in Ireland after domain namespace grab

Human error or something more sinister?

Business security measures using SSL

Google and Yahoo!'s Irish domains were briefly hijacked on Tuesday afternoon, the IE Domain Registry (IEDR) has confirmed.

Fraud officers from the Garda Bureau of Fraud Investigation are said to be investigating how malefactors were able to take the websites offline for several hours after mischievously changing both Yahoo.ie and Google.ie's name servers. Both domain names are managed by San Francisco-based registrar MarkMonitor.

In a statement issued to The Register last night, Google failed to mention it had been hijacked. Instead it simply told us:

We are aware that some users are having difficulties accessing www.google.ie and we are working to fix the problem. We apologise to those users experiencing problems and appreciate their patience.

It's understood that the IEDR's chief David Curtin emailed all of the outfit's registrars about the hijack, according to this blog post detailing the sorry affair. Curtin apparently said:

There was an unauthorised access to one registrar’s account [MarkMonitor] which resulted in the change to the DNS nameserver records for the two .ie domains. The IEDR worked with the registrar to ensure that the nameserver records were reset and corrected promptly.

But it remains unclear how such a major and deeply embarrassing breach could have occurred.

Some security experts had suggested that MarkMonitor's console may have been "socially engineered" with a hacker possibly pretending to represent the registrar thereby fooling the IEDR into providing login details to gain access to, and subsequently modify, Google and Yahoo!'s DNS nameservers.

At present, IEDR is displaying a message on its site that reads:

Some of IEDR’s systems are currently unavailable. We apologise for the inconvenience to our customers.

As you may be aware, there was a security incident yesterday [9 October], involving two high profile .ie domains that has warranted further investigation and some precautionary actions on the part of the IEDR.

There was an unauthorised access to a Registrar’s account which resulted in the change to the DNS nameserver records for the two .ie domains. The IEDR worked with the Registrar to ensure that the nameserver records were reset and corrected promptly. Simultaneously, the IEDR commenced an investigation and analysis, with the assistance of external security experts.

It said that security wonks had advised that the IEDR temporarily disrupted its service by closing its external web-based systems to allow for further analysis to take place.

The not-for-profit org added that its Whois service and API remained fully operational and claimed that over two-thirds of .ie domains held by registrars were unaffected by the forced interruption to its service while the probe into the problems continues. It added: "Public access to .ie websites or email is also unaffected."

Sophos security expert Graham Cluley noted on his blog on Tuesday evening that IEDR incorrectly pointed Google and Yahoo! users to nameservers called farahatz.net, which appeared to be based in Indonesia. ®

Business security measures using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
ISPs' post-net-neutrality world is built on 'bribes' says Tim Berners-Lee
Father of the worldwide web is extremely peeved over pay-per-packet-type plans
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.