Google and Yahoo Irish search domains hijacked

Irish websites Google.ie and Yahoo.ie went offline on Tuesday afternoon after their DNS servers were apparently hijacked to point to those of a third party, resulting in visitors being redirected to an 'allegedly fraudulent' address.
Written by Sam Shead, Contributor

Google and Yahoo's Irish domains went offline on Tuesday, following an unauthorised change to their registrar's account, it has emerged.

The domains Google.ie and Yahoo.ie were hijacked when their DNS nameservers were changed to those of a third party, and people trying to access the sites were redirected to "allegedly fraudulent" pages.

Yahoo Ireland went offline on Tuesday. The cause is being investigated.

"The IEDR [IE Domain Registry] confirms that... an unauthorised change was made to two .ie domains on an independent registrar's account which resulted in a change of DNS nameservers," a spokesman for the company, which manages Ireland's domain name registry, told ZDNet on Thursday.

"The consequence of the change is that visitors to the two websites would be redirected to an allegedly fraudulent address. The IEDR worked with the registrar to ensure that the nameserver records have been corrected," he added.

The IEDR didn't identify the affected domains by name, but complaints about problems accessing www.google.ie and www.yahoo.ie soon began making their way onto Twitter.

The spokesman told ZDNet that the registry didn't know how long the sites were offline.

Both Google and Yahoo acknowledged the issue, but neither would explicitly confirm the problems were the work of hackers.

"We are aware that some users are having difficulties accessing www.google.ie and we are working to fix the problem. We apologise to those users experiencing problems and appreciate their patience," Google said in a statement.

"We are aware that Yahoo.ie was inaccessible to some users in Ireland. This issue is resolved and we apologise for any inconvenience this may have caused," Yahoo added.

Hijacking a domain

Michele Neylon, chief executive of Ireland's Blacknight web hosting company, told ZDNet he was unsurprised by the hijacking.

"Hijacking an .ie domain name wouldn't be that hard due to the process IEDR use for handling transfers. The current process uses a signed fax on company headed paper, so if you forged a letter, you could do it. IEDR manually validate the letters, but it's not as if they actually check that the signature is valid," Neylon said.

"While the IEDR would probably reverse the 'illegal' transfer quickly, the damage would already have been done. A high traffic e-commerce site could lose a lot of business if it were hijacked and its customers redirected for a couple of hours."

Neylon noted that this is not the first issue involving IEDR, and this latest failure could raise questions over the organisation's technical stability and security.

"They had an outage in September, which resulted in all their websites and API being offline for about 36 hours," said Neylon. "They are yet to provide registrars with any indication of what measures they have taken to stop this from happening again in the future, which obviously concerns me."

IEDR offline

The main IEDR website is offline at the time of writing and is instead displaying a message about the incident.

"As you may be aware, there was a security incident yesterday, involving two high profile .ie domains that has warranted further investigation and some precautionary actions on the part of the IEDR," the notice says. "Based on the results of the investigation and the recommendation of security experts, the IEDR has temporarily brought external web-based systems off-line in order to perform additional analysis."

Despite this, the organisation said that the WHOIS service and IEDR's API are fully operational and that public access to .ie websites and email services is unaffected.
