Epic DNS Hiccup Redirects Irish Versions of Google, Yahoo to Indonesian Server
A security breach at the IE Domain Registry (IEDR) led to the local versions of Google and Yahoo being redirected to a fraudulent web server. The IEDR detected the Oct. 9 incident rapidly, and some services were immediately taken offline.
“As you may be aware, there was a security incident on Tuesday October 9th, involving two high profile .ie domains that has warranted further investigation and some precautionary actions on the part of the IEDR,” reads the advisory on Ireland’s Domain Registry page.
The attack was possible because of a breach in the registrar’s infrastructure that allowed unauthorized modifications to the DNS name server records for the two .ie domains.
When a new domain is purchased from a Registry authority, the Registry allows the owner to “point” the domain name to a set of IP addresses (addresses of servers that will actually serve content) using a web interface. During the attack, unknown parties simply used the web interface to change the associated IP addresses, redirecting all traffic to a server in Jakarta, Indonesia.
The IEDR restored the correct name server records for both affected websites and opened an investigation of the attack.
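
A monitoring check for the kind of unauthorized name server change described above, added here as an example and not taken from the IEDR or the original article: it compares a domain's observed delegation against a pinned baseline and reports drift. The domain `example.ie`, the name servers, the networks and the `check_delegation` function are constructed for illustration; a real deployment would fill the snapshots from queries to the parent zone's servers.

```python
import ipaddress

# Constructed sample data: the domain, name servers and networks are placeholders.
BASELINE = {"ns": ["ns1.example-dns.test.", "NS2.example-dns.test"],
            "networks": ["192.0.2.0/24"]}
SNAPSHOT_OK = {"ns": ["ns2.example-dns.test", "ns1.example-dns.test"],
               "a": ["192.0.2.10"]}
SNAPSHOT_CHANGED = {"ns": ["ns1.rogue-host.test", "ns2.rogue-host.test"],
                    "a": ["203.0.113.66"]}


def norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def check_delegation(domain, baseline, observed):
    """Return (severity, message) findings; an empty list means no drift."""
    want = {norm(n) for n in baseline["ns"]}
    seen = {norm(n) for n in observed["ns"]}
    nets = [ipaddress.ip_network(c) for c in baseline["networks"]]
    findings = []
    # No overlap with the baseline at all: the whole delegation was swapped.
    if seen and not (seen & want):
        findings.append(("critical", f"{domain}: entire NS set replaced"))
    for ns in sorted(seen - want):
        findings.append(("high", f"{domain}: unexpected name server {ns}"))
    for ns in sorted(want - seen):
        findings.append(("medium", f"{domain}: baseline name server {ns} missing"))
    # Addresses are checked against approved networks, not exact IPs,
    # so routine address changes inside the owner's ranges do not alert.
    for addr in sorted(observed["a"]):
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            findings.append(("high", f"{domain}: {addr} outside approved networks"))
    return findings


if __name__ == "__main__":
    for label, snap in (("ok", SNAPSHOT_OK), ("changed", SNAPSHOT_CHANGED)):
        results = check_delegation("example.ie", BASELINE, snap)
        print(label, "->", results or "delegation matches baseline")
```
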
“Gardai have been notified and IEDR has requested that the Garda Bureau of Fraud Investigation (GBFI) conduct an investigation into this external attack on the .ie namespace. That investigation commenced on Wednesday 10th October,” the IEDR team wrote in the same blog post.
The DNS infrastructure plays a key role in the sustainability of the Internet and has been the main target of cyber-crime for years. Tuesday’s incident is the second major one in a week, after the wrongful deactivation on Sunday of Twitter’s t.co domain, which is used for short-linking.