Security Incident Caused google.ie and yahoo.ie Outage

The Irish Google and Yahoo sites were taken offline on Tuesday this week when attackers managed to change DNS records, according to reports.

It appears the hackers managed to change the sites’ Domain Name System (DNS) records, according to the IE Domain Registry (IEDR). The IEDR’s site is currently offline.

The IEDR identified the two domains as Google.ie and Yahoo.ie in a separate blog post, and identified the affected registrar as MarkMonitor.

IEDR and MarkMonitor found a solution to the issue, but it’s not clear how the unauthorized access happened. One possibility is that MarkMonitor’s login details for the IEDR registrar’s console were obtained through social engineering.

The WHOIS records were changed to the following, with non-Google name servers.

domain:       google.ie
descr:        Google, Inc
descr:        Body Corporate (Ltd,PLC,Company)
descr:        Registered Trade Mark Name
admin-c:      KR59-IEDR
tech-c:       CCA7-IEDR
registration: 21-March-2002
renewal:      21-March-2013
status:       Active
nserver:      ns1.farahatz.net  
nserver:      ns2.farahatz.net  
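
A delegation change like the one in the record above can be caught by comparing the `nserver` lines against an allowlist. This is an added example, not part of the original post; the allowlist (`google.com`) and all function names are assumptions made for illustration, and the sample record is constructed from the fields shown above.

```python
# Added example: flag unexpected name servers in an IEDR-style WHOIS record.
# ASSUMPTION: the operator expects google.ie to delegate only to *.google.com.
EXPECTED_NS_SUFFIXES = {"google.com"}

# Constructed sample, abbreviated from the record shown above.
SAMPLE_WHOIS = """\
domain:       google.ie
descr:        Google, Inc
status:       Active
nserver:      ns1.farahatz.net
nserver:      ns2.farahatz.net
"""

def parse_whois(text):
    """Parse 'key: value' lines into a dict of lists (keys may repeat)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            continue
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def normalize_host(value):
    """Keep the host token only, lower-cased, without a trailing root dot."""
    parts = value.split()
    return parts[0].lower().rstrip(".") if parts else ""

def in_allowed_zone(host, suffixes):
    """Match on a label boundary only: 'ns1.google.com' is inside
    'google.com', 'ns1.notgoogle.com' is not."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def unexpected_nameservers(whois_text, suffixes=EXPECTED_NS_SUFFIXES):
    """Return the nserver hosts that fall outside the allowlist."""
    record = parse_whois(whois_text)
    servers = [h for h in map(normalize_host, record.get("nserver", [])) if h]
    if not servers:
        # A record with no name servers at all is also worth an alert.
        return ["<no nserver entries>"]
    return [h for h in servers if not in_allowed_zone(h, suffixes)]

if __name__ == "__main__":
    for host in unexpected_nameservers(SAMPLE_WHOIS):
        print("ALERT unexpected name server:", host)
```

Run on a schedule against fresh WHOIS output, a non-empty result is the signal to check the registrar account.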

farahatz.net appears to be registered in Indonesia.

Domain Name: FARAHATZ.NET

Registrant:
Antariksa Host
Kholid Suhaili (huda@lintaslink.co.id)
cipinang lontar I rt 003 rw08 ,cipinang, pulo gadung
Jakarta Timur
DKI Jakarta,13240
ID
Tel. +62.082110372179

Securing the country-level Domain Name System has been a topic of discussion in the Domain Name System community, MarkMonitor’s Smith said. “All TLDs should implement best practices security measures like those in use by Verisign over the .COM namespace, Neustar over .BIZ and Puerto Rico’s .PR namespaces.”
