Google (NOT) Hacked? Just A DNS Glitch says Google

186 Comments

Recap: 6:13PM PST: Google was not hacked, but instead had a DNS problem. For some readers the site was redirecting to the SoGoSearch page. That continues to fox me, and I plan to investigate further. All services have been restored. I find it amazing: Google is now as integrated in our lives as a phone company, or heaven forbid, TV networks. Multiple experts say that the screen grab I got was the result of browsers not being able to resolve Google.com, and instead stumbling upon google.com.net (com.net is the SoGoSearch website, and they have a wildcard match). Once Google’s DNS was restored, browsers stopped the appending, and started functioning normally.
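The fallback described in the recap, as an added example that is not part of the original post: a small model of a client that retries a failed name with a suffix appended, run against constructed zone data. The addresses, the `net` suffix list and all function names are assumptions made for illustration.

```python
# Constructed model of the fallback in the recap; zone data and addresses are
# made up (documentation ranges), not real DNS records.
NXDOMAIN = None

NORMAL = {
    "www.google.com": "192.0.2.10",   # constructed "real" answer
    "*.com.net": "198.51.100.7",      # constructed wildcard owned by a third party
}
# During the outage the google.com answers are simply gone.
OUTAGE = {k: v for k, v in NORMAL.items() if not k.endswith("google.com")}
SUFFIXES = ("net",)  # assumed client suffix list


def zone_lookup(zone, name):
    """Exact match, else the wildcard at the closest existing parent (simplified)."""
    name = name.rstrip(".").lower()
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in zone:
            return zone["*." + parent]
        if parent in zone:  # parent exists without a wildcard: nothing is synthesized
            return NXDOMAIN
    return NXDOMAIN


def resolve(zone, typed, suffixes=SUFFIXES, append=True):
    """Try the typed name, then typed + suffix. Returns (answering_name, address)."""
    candidates = [typed]
    if append and not typed.endswith("."):  # a trailing dot marks the name as absolute
        candidates += [f"{typed}.{s}" for s in suffixes]
    for cand in candidates:
        addr = zone_lookup(zone, cand)
        if addr is not NXDOMAIN:
            return cand, addr
    return None, NXDOMAIN


def misdirected(zone, typed):
    """True when the answer came from a name other than the one typed."""
    answered, _ = resolve(zone, typed)
    return answered is not None and answered.rstrip(".") != typed.rstrip(".")


if __name__ == "__main__":
    for label, zone in (("normal", NORMAL), ("outage", OUTAGE)):
        print(label, resolve(zone, "www.google.com"), misdirected(zone, "www.google.com"))
    print("absolute name:", resolve(OUTAGE, "www.google.com."))
```

With suffix appending disabled, or with the name written as absolute (trailing dot), the outage produces a plain resolution failure instead of an answer from the wildcard.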

Update #6: Yet another screen shot. And another one, plus it looks like someone swiped the domain name. Larry Magid was on the local CBS radio talking about Google’s great vanishing trick.

Update #5: Everything back to normal. All Google services are working. Though as an aside, Google has reached the full capacity for its Web Accelerator Beta.

Update #4: More from Mr. Krane of Google: BTW, this was not the result of a hack or any kind of security issue. “Yes, it was a DNS issue. We’re seeing things as fully restored as of more than 30 min. ago. You’re the first to send such a screen shot and report this kind of issue. I’ll bounce it to the tech staff and will keep you posted.” I got another screenshot which was as of 5.08 PM PST. Not sure if I am having this problem specifically or if others are noticing the same issue. I use Comcast as my broadband provider. Any updates, people?

Update #3: David Krane, the big cheese @ Google PR wrote back a few seconds ago and had this to add, “Google’s global properties were unavailable for a short period of time earlier today. We’ve remedied the problem and access to Google has been restored worldwide.”

Update #2: Some people are saying in the comments here and over at Engadget that Google might have been in the middle of a DNS software switch. I still can’t believe that a strange image would just show up there.

Update #1: Some people say they have it back, but I am still having trouble logging in to my Gmail. And I am still not getting the Google homepage. I have left voice mail and sent emails to Google’s PR people and their hotline. Not sure what’s going on precisely, but I will be on the story.

03.11 PM, PST: Looks like we are having a Google outage – apparently someone has hijacked their Domain, and something called SoGoSearch is showing up instead. GMail was down as well. Google ads are not being served up as well. Am I the only one, or did you guys feel the webquake as well? Man if this is a hack, then we now know nothing – not even god, I mean Google is safe! Is this someone’s idea of teaching them a lesson? Or has the Web Accelerator shown its true colors? Lots of unanswered questions. Here is a screen grab by the way!

rainadaman

google can never be hacked, probably there was a DNS problem or there was a problem with all the PCs that use GOOGLE….

Brendan Loy

they are using the *.com.net domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name google.com.net so when a google.com lookup fails internet explorer tries adding .net to the end and finds the wrong site

If it’s a wildcard, then how come http://www.google.com.net/ takes me to SoGo, but http://www.yahoo.com.net/ does not, nor does http://www.cnn.com.net/ or http://www.brendanloy.com.net/ or any other replacement for the “wildcard” that I’ve tried?

Wing Wong

Yup, noticed it as well. Got back from running errands, opened browser and bam… no Google. Thought it might have been Comcast, but using some other friends’ computers resulted in the same thing. :/

Kinda hit home how centralized/dependent many services are on Google. Of note is Adsense… I checked out a few dozen pages and all of them had Adsense missing during this time.

The fact that almost all of Google’s primary services are based on the *.google.com domain allows for this kind of “one hit affects everything” situation.

Hopefully, Google will come up with a way of avoiding such future disturbances.

Wing
http://www.polygon-comics.com

theEggman

The ‘dead Google air’ I hit didn’t refer, it just seemed to ‘hang’ during the lookup. Damn, I pinged the domain name, but didn’t ping the IP! If someone did they could probably clean up this DNS ‘hijack/poisoning’ thing!!!

I had noticed a large UK PC sales group suddenly went ‘off air’ to-day. Later announcing that they were upgrading… 5 hours later too, ermmmm?!

Weirder things have happened.

Jeff

Sogo is a big department store in Indonesia.

Was google hacked by an Indonesian Crack SpecOps?

SansDoute

There was no re-direct but an error message…we use http://www.google.ca in Canada and wouldn’t fly…tried gmail and got page could not be found errors.
Didn’t have too much time but a whois on google.ca appeared to direct to google.com: which is likely the problem domain.

Tim White

I hope you guys realise that some of the screenshots are possibly faked. I can easily fake them myself (go to another site and then change the address bar)
For example the Google MSN (http://img241.echo.cx/img241/6208/googlemsn3lp.png) you can see that the server it is trying to access is search.msn.com, I know that this may be for pictures but who knows, maybe has been a hoax. I know that not all of them are fake, but I’d think if the DNS stuffed up it wouldn’t redirect you to lots of different sites, rather just one (SOGO in this case)

Tim

bobo

did anyone bother to tell nslookup to use Google’s SOA server and then have a look at how google.com resolved?

if it resolved to the ‘mysterious other site’ then technically google got hacked.

if say comcast’s nameserver(s) was misdirecting and Google’s wasn’t, then it’s comcast wot got hacked…

it’s not rocket science…

test

American Express sponsors the SOGOSearch site !
A credit card company gone to the dark side ….

lifeforms

It was not a hack… Some browsers try adding some common prefixes like .com, .net when a domain name does not resolve.

When http://www.google.com could not be found, it tried http://www.google.com.net (try going there) which seems to have been setup just to catch this type of traffic.

Otis

DNS is the first thing I thought of when I heard about this. And then I came here and saw a screenshot of a search engine. Now that’s an interesting coincidence, isn’t it? :)

djones

Google’s not lying when they say they weren’t hacked. But calling it a DNS “glitch” isn’t entirely honest.

While the DNS server I used that was affected, I looked at the source of the SoGoSearch page, which was different than the source if you browsed to SoGoSearch in the address bar. The difference?

The “hijacked” version had:

as a comment instead of

Ok, so a script is pulling that in. :P

Seriously though, the DNS I used for my PSP Browser portal was wonked, but when I switched back to Comcast’s default DNS servers, everything was fine. Still sounds like a trunk’s DNS was maliciously altered. How could a few get the wrong record and everyone else get the right one?

l4m3r

I work in google’s department for west europe.
It was a hack indeed.
Nothing more to say. If you need more information.. email me.

David

The second screenshot (http://img241.echo.cx/img241/6208/googlemsn3lp.png) is clearly a bad fake.
First, putting a URI in the address bar and hitting enter (or pressing Go) would append a solidus (slash) at the end of the URI.
Also, the icon at the left of the address is semi transparent. This indicates that no one has pressed either enter or Go yet (try that in Firefox and you’ll see.)

J_UK

Folks, the site sogosearch owns the com.net dns record

they are using the *.com.net domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name google.com.net so when a google.com lookup fails internet explorer tries adding .net to the end and finds the wrong site

doesn’t take a google genius to figure this out

Voip Guy

That’s really strange. We Adsense publishers must have lost a few dollars from all this. But one thing is sure, sogosearch has got a lot of publicity from all this.

craig

google wasn’t hacked

it wasn’t dns.

it was a testing of “how many will talk”

PR

they are creating chatter and attention…

Chris

Just a guess, but perhaps with http://www.google.com returning NXDOMAIN the gethostby* functions tried variations and ended up resolving sites like http://www.google.com.net which inadvertently sent people to the spoof site.

Probably not a hack, just an interesting coincidence :)

Nick

So, Does anyone else think Bill Gates had something to do with this? Gotta love a good conspiracy theory =8-)

Caleb

Whoops, sorry for the slight redundancy. I checked above previously and didn’t see mention of the article or DNS poisoning. After reading through the comments more thoroughly I see that Bruce posted some articles that appear similar in concept. Hopefully the article I listed will help with further elaboration.

Caleb

While this probably isn’t the case with the Google incident, New Scientist published an article describing how a malevolent hacker can essentially “poison” the DNS system locally, then potentially regionally, and so forth, to have a domain name point to a different IP address. Essentially this problem with Google could happen in such a manner.

Here’s a link to the article from New Scientist:
http://www.newscientist.com/channel/info-tech/dn7299

kr8tr

Hmm… Interesting that in the initial post here, Google gets a capital G and GOD gets a lower case G. Certainly Google isn’t the new messiah :)

Matt

This is the 3rd time that I’ve seen this happen; it’s just the first time it’s been picked up on. Kinda interesting…….. but I wouldn’t worry about it, I think the DNS has a routing problem because of the number of times I’ve seen this. Also it’s never lasted more than 1:30 minutes for me anyway.

James

Anyone with half a brain and access to more than one DNS server could tell you that Google wasn’t hacked. It’s people like you that give tech support such a hard time with the stupidest problems. Before you jump to conclusions next time … fire off at least 2 synapses before you open your mouths.
