Google (NOT) Hacked? Just A DNS Glitch says Google


Recap: 6:13PM PST: Google was not hacked, but instead had a DNS problem. For some readers the site was redirecting to the SoGoSearch page. That continues to fox me, and I plan to investigate further. All services have been restored. I find it amazing: Google is now as integrated in our lives as a phone company, or heaven forbid, TV networks. Multiple experts say that the screen grab I got was result of broswers not being able to resolve to, and instead stumbled upon ( is the SoGoSearch website, and they have a wildcard match). Once Google’s DNS was restored, browsers stopped the appending, and started functioning normally.

Update #6: Yet another screen shot And another one, plus looks like someone swiped the domain name. Larry Magid was on the local CBS radio talking about the Google’s great vanishing trick.

Update #5: Everything back to normal. All Google services are working. Though as an aside, Google has reached the full capacity for its Web Accelerator Beta.

Update # 4: More from Mr. Krane of Google: BTW, this was not the result of a hack or any kind of security issue. “Yes, it was a DNS issue. We’re seeing things as fully restored as of more than 30 min. ago. You’re the first to send such a screen shot and report this kind of issue. I’ll bounce it to the tech staff and will keep you posted.” I got another screenshot which was as of 5.08 PM PST. Not sure if I am having this problem in specific or others noticing the same issue. I use comcast as broadband provider. Any updates people?

Update #3: David Krane, the big cheese @ Google PR wrote back a few seconds ago and had this to add, “Google’s global properties were unavailable for a short period of time earlier today. We’ve remedied the problem and access to Google has been restored worldwide.”

Update #2: Some people are saying in the comments here and over at Engadget, that Google might have been in middle of a DNS software switch. I still can’t believe that a strange image would just show up there.

Update #1: Some people say they have it back, but I am still having trouble logging in to my Gmail. And still not getting Google homepage. I have left voice mail and sent emails to Google’s PR people and their hotline. Not sure, what’s going on precisely but will be on the story.

google hacked

03.11 PM, PST: Looks like we are having a Google outage – apparently someone has hijacked their Domain, and something called SoGoSearch is showing up instead. GMail was down as well. Google ads are not being served up as well. Am I the only one, or did you guys feel the webquake as well? Man if this is a hack, then we now know nothing – not even god, I mean Google is safe! Is this someone’s idea of teaching them a lesson? Or has the Web Accelerator shown its true colors? Lots of unanswered questions. Here is a screen grab by the way!



google can never be hacked , probably there was DNS problem or there was problem with all the PC’s that uses GOOGLE….

Brendan Loy

they are using the * domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name so when a lookup fails internet explorer trys adding .net to the end and finds the wrong site

If it’s a wildcard, then how come takes me to SoGo, but does not, nor does or or any other replacement for the “wildcard” that I’ve tried?

Wing Wong

Yup, noticed it as well. Got back from running errands, opened browser and bam… no Google. Thought it might have been Comcast, but using other some friends’ computers resulted in the same thing. :/

Kinda hit home how centralized/dependant many services are on Google. Of note is Adsense… I checked out a few dozen pages and all of them had Adsense missing during this time.

The fact that almost all of Google’s primary services are based on the * domain allows for this kind of “one hit affects everything” situation.

Hopefully, Google will come up with a way of avoiding such future disturbances.



The ‘dead Google air’ I hit didn’t refer, it just seemed to ‘hang’ during the lookup. Damn, I pinged the domain name, but didn’t ping the IP! If someone did they could probably clean up this DNS ‘hijack/poisoning’ thing!!!

I had noticed a large UK PC sales group suddenly went ‘off air’ to-day. Later announcing that they were upgrading… 5 hours later too, ermmmm?!

Wierder things have happened.


Sogo is a big department store in Indonesia.

Was google hacked by an Indonesian Crack SpecOps?


There was no re-direct but an error message…we use in Canada and wouldn’t fly…tried gmail and got page could not be found errors.
Didn’t have too much time but a whois on appeared to direct to which is likely the problem domain.

Tim White

I hope you guys realise that some of the screenshots are possibly faked. I can easily fake them myself (goto another site and then change the address bar)
For example the Google MSN ( you can see that the server it is trying to access is, I know that this may be for pictures but who knows, maybe has been a hoax. I know that not all of them are fake, but I’d think if the DNS stuffed up it wouldn’t redirect you to lots of different sites, rather just one (SOGO in this case)



did anyone bother to tell nslookup to use googles SOA server and then have a look at how resolved?

if it resolved to the ‘mysterious other site’ than technically google got hacked.

if say comcast’s nameserver(s) was misdirecting and googles wasn’t, tan it’s comcast wot got hacked…

it’s not rocket science…


American Express sponsors the SOGOSearch site !
A credit card company gone to the dark side ….


It was not a hack… Some browsers try adding some common prefixes like .com, .net when a domain name does not resolve.

When could not be found, it tried (try going there) which seems to have been setup just to catch this type of traffic.


DNS is the first thing I thought of when I heard about this. And then I came here and saw a screenshot of a search engine. Now that’s an interesting coincidence, isn’t it? :)


Google’s not lying when they say they weren’t hacked. But calling it a DNS “glitch” isn’t entirely honest.

While the DNS server I used that was affected, I looked at the source of the SoGoSearch page, which was different than the source if you browsed to SoGoSearch in the address bar. The difference?

The “hijacked” version had:

as a comment instead of

Ok, so a script is pulling that in. :P

Seriously though, the DNS I used for my PSP Browser portal was wonked, but when I switched back to Comcast’s default DNS servers, everything was fine. Still sounds like a trunk’s DNS was maliciously altered. How could a few get the wrong record and everyone else get the right one?


I work in google’s department for west europe.
It was hack indeed.
Nothing more to say. If you need more informations.. email me.


The second screenshot ( is clearly a bad fake.
First, putting an URI in the adress bar and hitting enter (or pressing Go) would append a solidus (slash) at the end of the URI.
Also, the icon at the left of the adress is semi transparent. This indicates that no one have pressed either enter or Go yet (try that in Firefox and you’ll see.)


Folks the site sogosearch own the dns record

they are using the * domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name so when a lookup fails internet explorer trys adding .net to the end and finds the wrong site

doesnt take a google genius to figure this out

Voip Guy

Thats really strange, We at Adsense publishers must have lost few dollars for all this issue. But one thing is sure, sogosearch has got a lots of publicity from all this issue.


google wasn;t hacked

it wasn.t dns.

it was a testing of “how many will talk”


they are creating chatter and attention,,,


Just a guess, but perhaps with returning NXDOMAIN the gethostby* functions tried variations and ended up resolving sites like which inadvertantly sent people to the spoof site.

Probably not a hack, just an interesting coincidence :)


So, Does anyone else think Bill Gates had something to do with this? Gotta love a good conspiracy theory =8-)


whoops, sorry for the slight redundancy. I checked above previously and didn’t see mention of the article or dns poisoning. After reading through the comments more thoroughly I see that Bruce posted some articles that appear similar in concept. Hopefully the article I listed will help with further elaboration.


While this probably isn’t the case with the Google incident, New Scientist published an article describing how a malevolent hacker can essentially “poison” the dns system locally, then potentially regionally, and so on forth, to have a domain name point to a different IP address. Essentially this problem with google could happen in such a manner.

Here’s a link to the article from New Scientist:


Hmm… Interesting that in the initial post here, Google gets a capital G and GOD gets a lower case G. Certainly Googole isn’t the new mesiah :)


This is the 3rd time that ive seen this happen is just the first time its been picked up on. Kinda interesting…….. but i wouldent worry about it, I think the DNS has a routing problem becuase of the number of times ive seen this. Also its never lasted more and 1:30 minutes for me anyway.


Anyone with half a brain and access to more than one DNS server could tell you that Google wasn’t hacked. It’s people like you that give tech support such a hard time with the stupidest problems. Before you jump to conclusions next time … fire off at least 2 synapses before you open your mouths.

Comments are closed.