Both google.ie and yahoo.ie became unavailable for a prolonged period this afternoon after an “unauthorised change” was made to the domains’ nameservers.
Krishna De was one of the first users on Twitter to report the outage at 13:33 IST, which was later confirmed by Technology.ie at 13:58.
Technology.ie were first to report that nameservers for google.ie had been altered to point to allegedly fraudulent nameservers, likely based in Indonesia.
Nameservers are responsible for ensuring that when a user visits a certain domain, in this case google.ie or yahoo.ie, they are pointed to the correct website on the correct server. Instead of being served the Google Ireland homepage as desired, users were directed to a fraudulent server that, perhaps luckily, could not be resolved.
Yahoo! users in Ireland with a yahoo.ie email address would have experienced significant disruption of email service.
We contacted Google Ireland who released the following statement;
“We are aware that some users are having difficulties accessing www.google.ie and we are working to fix the problem. We apologise to those users experiencing problems and appreciate their patience.”
The IE Domain Registry, the authority responsible for administering Ireland’s .ie TLD, this evening confirmed to this site that an “unauthorised change was made to two .ie domains on an independent Registrar’s account which resulted in a change of DNS nameservers”. The statement continued,
“The consequence of the change is that visitors to the two websites would be redirected to an allegedly fraudulent address. The IEDR worked with the Registrar to ensure that the nameserver records have been corrected.”
From the IEDR’s whois record for google.ie, it appears that the domain is independently managed by MarkMonitor. It’s likely that access to MarkMonitor may have been “socially engineered” by an unauthorised individual – a simple hacking technique that requires no knowledge of coding.
While the nameservers were corrected as of 14:15 today, Blacknight CEO Michele Neylon advised that it “could take several hours” before both domains return to normal for all users. Michele also added that an individual or a group could have gained access to the domain some time ago but only acted upon this ingress today.
Nevertheless, it’s a reminder that not even Google is safe from website hijacking.