Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Google, Yahoo DNS Diverted After Breach at .ie Domain Registrar

The Irish version of Google and Yahoo briefly went offline on Tuesday when unknown perpetrators managed to change the sites’ Domain Name Server records, according to the IE Domain Registry.

A “security incident” on Tuesday resulted in the DNS nameserver records for two “high profile .ie domains” to be changed, IEDR said in a statement on its site Wednesday. There was apparently an “unauthorized access” to a registrar’s account which resulted in the change, according to the statement.

The Irish version of Google and Yahoo briefly went offline on Tuesday when unknown perpetrators managed to change the sites’ Domain Name Server records, according to the IE Domain Registry.

A “security incident” on Tuesday resulted in the DNS nameserver records for two “high profile .ie domains” to be changed, IEDR said in a statement on its site Wednesday. There was apparently an “unauthorized access” to a registrar’s account which resulted in the change, according to the statement.

IEDR identified the two domains as Google.ie and Yaoo.ie in a separate blog post, and identified the affected registrar as MarkMonitor. IEDR worked with MarkMonitor to correct the problem, but it’s not clear how the unauthorized access happened. One possibility is that MarkMonitor’s login details for the IEDR registrar’s console was socially engineered, according to the blog post.

“As policy, MarkMonitor does not comment on specific domain name security breaches,” Te Smith, MarkMonitor’s vice-president of communications, told SecurityWeek. However, Smith acknowledged that this incident “appears to be relatively typical of breaches we’ve seen at other TLDs over the last years.”

IEDR notified all member registrars of the incident in a letter and said that several systems have been taken offline while it investigates what happened. IEDR has temporarily brought external Web-based systems offline in order to perform additional analysis, according to the statement. The Whois service and IEDR’s API system is still online. External security experts have also been called in, according to IEDR.

“Registrars accounting for over two thirds of .ie domains are largely unaffected by this interruption,” IEDR said.

As of Wednesday afternoon, the systems were still offline.

The situation could have been much worse, as the perpetrators could have directed users to a “bogus” site to infect them with malware or harvested personal information from unsuspecting users, Graham Cluley, senior technology consultant at Sophos, wrote on the NakedSecurity blog.

“The danger was that if someone bad was responsible for the change they could have potentially taken users to a bogus Google website, and infected them with malware or distributed advertising pop-ups,” Cluely wrote.

The modified records were pointing to DNS nameservers located in Indonesia and which have been linked to well-known hacking sites, IEDR said in its blog post on the domainregistrar.ie site.

MarkMonitor also manages other high-profile domains, such as Microsoft.ie, but they appear to be unaffected in this incident.

Securing the country-level TLDs has been a topic discussion in the domain naming system community, MarkMonitor’s Smith said. All TLDs should implement best practices security measures like those in use by Verisign over the .COM namespace, Neustar over .BIZ and Puerto Rico’s .PR namespaces, Smith said.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.