Google (NOT) Hacked? Just A DNS Glitch says Google

186 thoughts on “Google (NOT) Hacked? Just A DNS Glitch says Google”

  1. Wow, this is amazing. Google being hacked means that we’re all basically screwed from any type of security on the web. I would like to know what really caused this, though. Hopefully something like this won’t happen again.

  2. This should be interesting, I wonder ‘if’ google was ever hacked, would they come out and admit it? There must be a emergency meeting going on as we speak with their PR people hehe.

  3. An issue of changing DNS from a service to a home grown solution is my third-hand knowledge, eavesdropping on a friend’s phone call to employee.

  4. Pingback: One Degree
  5. Apparently, the myDoom virus rearead it’s ugly head again today and flooded googe and gmail with crap. Wy wifes hotmail account, which rarely gets email at all, got 150 infected emails today, so this is confirmed.

  6. That screenshot is clearly faked – look at the address bar, it still shows the google logo, at the left of the address, this is a line of HTML that changes that image, now would “sogo” or whatever balls it was, really use the google logo?

  7. well seriously .. if they were hacked then the hacker didnt do a very good job. i can access gmail and i can use google plus that screen could’ve been taken when they were in the first steps of taking over google

  8. I noticed that http://www.google.com.net/ redirects to that sogo place. Could this be a result of your browser doing a “best fit” sort of deal when google.com was down? I know Firefox tries to find the best site when the one you enter is wrong, not sure about Safari.

  9. This article made me remember an article I read last week in a national IT-magazine, in which they pointed out some of the dangers facing the current Domain Name System (DNS). The article was mostly based on information from a report by the National Research Council.

    A prepublication and more information on that report can be found here:
    CSTB Publication: Signposts in Cyberspace: The Domain Name System and Internet Navigation
    and
    Nat’l Academies Press: Signposts in Cyberspace: The Domain Name System and Internet Navigation

    To which I must admit not having read anything but the summary myself.

  10. Folks, well got an update from Google folks who did clarify and said that there was a DNS glitch. Not a hack. my apologies for an alarmist headline, but it was clear something was up.

  11. Here’s another screenshot:

    http://img179.echo.cx/img179/7959/googlehacked7to.jpg

    If Google is telling the truth, then this post must be a lie?

    http://hbarbobot.kicks-ass.net/?p=42

    $ whois google.com
    Whois Server Version 1.3
    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.
    Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
    IP Address: 80.190.192.24
    Registrar: KEY-SYSTEMS GMBH
    Whois Server: whois.rrpproxy.net
    Referral URL: http://www.key-systems.net
    Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
    IP Address: 209.187.114.130
    Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
    Whois Server: whois.itsyourdomain.com
    Referral URL: http://www.itsyourdomain.com

  12. It appears this is nothing more than your DNS server f’ing up. Apparently, your side of the world must’ve been redirecting to SoGoSearch for some reason – I (in Michigan) only got an error message saying that Google.com couldn’t be found.

  13. I’ve noticed that all the screenshots are on OS X.

    I noticed this on my OS X box, but not my windows box (when google started responding again) and flushing dns brought back the normal google

  14. Some browsers redirect to a generic search page when the domain you typed in couldn’t be found (for example, because of a DNS error). This could be how people started seeing ‘SoGoSearch’ and ‘MSN Search’ pages.

    In response to Brendan Loy: The existence of amusing subdomains of gulli.com and seczy.com doesn’t mean Google was hacked. It’s just a joke by the people who own those domains.

    From what I’ve seen here, I see no reason to believe that Google was hacked. It just looks like a DNS screwup. “Never attribute to malice that which can be explained by incompetence”, and all that.

  15. As far as the whois stuff goes, look closely. The entry for GOOGLE.COM is still there and intact. Somebody did manage to get in newer entries that include the substring “GOOGLE.COM” and thus also show up on a basic search, which is bad, but that has nothing to do with Google itself. -m

  16. Pingback: Gizmodo
  17. Pingback: Operation Gadget
  18. Anyone with half a brain and access to more than one DNS server could tell you that Google wasn’t hacked. It’s people like you that give tech support such a hard time with the stupidest problems. Before you jump to conclusions next time … fire off at least 2 synapses before you open your mouths.

  19. This is the 3rd time that ive seen this happen is just the first time its been picked up on. Kinda interesting…….. but i wouldent worry about it, I think the DNS has a routing problem becuase of the number of times ive seen this. Also its never lasted more and 1:30 minutes for me anyway.

  20. Hmm… Interesting that in the initial post here, Google gets a capital G and GOD gets a lower case G. Certainly Googole isn’t the new mesiah 🙂

  21. While this probably isn’t the case with the Google incident, New Scientist published an article describing how a malevolent hacker can essentially “poison” the dns system locally, then potentially regionally, and so on forth, to have a domain name point to a different IP address. Essentially this problem with google could happen in such a manner.

    Here’s a link to the article from New Scientist:
    http://www.newscientist.com/channel/info-tech/dn7299

  22. whoops, sorry for the slight redundancy. I checked above previously and didn’t see mention of the article or dns poisoning. After reading through the comments more thoroughly I see that Bruce posted some articles that appear similar in concept. Hopefully the article I listed will help with further elaboration.

  23. Pingback: SEO Book.com
  24. Pingback: Paul Whitaker
  25. Pingback: lazygeek.net
  26. Folks the site sogosearch own the com.net dns record

    they are using the *.com.net domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name google.com.net so when a google.com lookup fails internet explorer trys adding .net to the end and finds the wrong site

    doesnt take a google genius to figure this out

  27. Pingback: WebhostingTech
  28. Pingback: BloggingTom
  29. Google’s not lying when they say they weren’t hacked. But calling it a DNS “glitch” isn’t entirely honest.

    While the DNS server I used that was affected, I looked at the source of the SoGoSearch page, which was different than the source if you browsed to SoGoSearch in the address bar. The difference?

    The “hijacked” version had:

    as a comment instead of

    Ok, so a script is pulling that in. 😛

    Seriously though, the DNS I used for my PSP Browser portal was wonked, but when I switched back to Comcast’s default DNS servers, everything was fine. Still sounds like a trunk’s DNS was maliciously altered. How could a few get the wrong record and everyone else get the right one?

  30. DNS is the first thing I thought of when I heard about this. And then I came here and saw a screenshot of a search engine. Now that’s an interesting coincidence, isn’t it? 🙂

  31. did anyone bother to tell nslookup to use googles SOA server and then have a look at how google.com resolved?

    if it resolved to the ‘mysterious other site’ than technically google got hacked.

    if say comcast’s nameserver(s) was misdirecting and googles wasn’t, tan it’s comcast wot got hacked…

    it’s not rocket science…

  32. I hope you guys realise that some of the screenshots are possibly faked. I can easily fake them myself (goto another site and then change the address bar)
    For example the Google MSN (http://img241.echo.cx/img241/6208/googlemsn3lp.png) you can see that the server it is trying to access is search.msn.com, I know that this may be for pictures but who knows, maybe has been a hoax. I know that not all of them are fake, but I’d think if the DNS stuffed up it wouldn’t redirect you to lots of different sites, rather just one (SOGO in this case)

    Tim

  33. Pingback: Bakkel's weblog
  34. Pingback: Elliott Back
  35. The ‘dead Google air’ I hit didn’t refer, it just seemed to ‘hang’ during the lookup. Damn, I pinged the domain name, but didn’t ping the IP! If someone did they could probably clean up this DNS ‘hijack/poisoning’ thing!!!

    I had noticed a large UK PC sales group suddenly went ‘off air’ to-day. Later announcing that they were upgrading… 5 hours later too, ermmmm?!

    Wierder things have happened.

  36. Yup, noticed it as well. Got back from running errands, opened browser and bam… no Google. Thought it might have been Comcast, but using other some friends’ computers resulted in the same thing. :/

    Kinda hit home how centralized/dependant many services are on Google. Of note is Adsense… I checked out a few dozen pages and all of them had Adsense missing during this time.

    The fact that almost all of Google’s primary services are based on the *.google.com domain allows for this kind of “one hit affects everything” situation.

    Hopefully, Google will come up with a way of avoiding such future disturbances.

    Wing
    http://www.polygon-comics.com

  37. they are using the *.com.net domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name google.com.net so when a google.com lookup fails internet explorer trys adding .net to the end and finds the wrong site

    If it’s a wildcard, then how come http://www.google.com.net/ takes me to SoGo, but http://www.yahoo.com.net/ does not, nor does http://www.cnn.com.net/ or http://www.brendanloy.com.net/ or any other replacement for the “wildcard” that I’ve tried?

  38. Pingback: Bobnar Blog
  39. Well looks like sogo are getting a shitload of free publicity!!
    hmmm, could just have been an error in their favour tho! Shame is slept through all of this! would have loved to watch it unfold and have a go at working it out.
    🙂

  40. Okay, I ‘watched’ this happen, by monitoring my DNS cache.

    Google (or whoever manages their DNS) screwed up – http://www.google.com is a CNAME pointing to http://www.l.google.com. Entries for http://www.l.google.com took a walk for perhaps 30 minutes, making http://www.l.google.com return NXDOMAIN.

    SoGo (or whoever owns .com.net) have a specific A record for http://www.google.com.net, to catch people who can’t get to Google for some reason, and use browsers that do the incredibly stupid thing (Safari?) when they can’t find a domain. This “paid off” for them when Google decided to take a walk from the Internet for those few minutes.

    No foul play here, unless it was an inside job, at which point it wasn’t a very sensible one.

  41. Pingback: linuxBlog
  42. I don’t think so, Google hack is fake. I agree, in the address bar of sogo screenshot, it still shows google’s logo!!
    This is a hoax by who knows, microsoft?

  43. The logo is still in the window because Safari/Firefox tends to be a bit slow in updating icons. They don’t always look at the icon apparently. It is not a faked image, people, it is a simple bug in Firefox/Safari that I’ve experienced since 0.8 😉

    By the way – I doubt Microsoft feels Google is a threat to them. Google is a search/steal your privacy company, not a screw-yourself company ;). Microsoft has no need to feel threatened by Google, except in terms of MSN Search / Hotmail.

  44. As of 07:28 EST google.com is still not reachable via domain name.
    Using the URl I am presented with the Firefox logo and nothing esle on the page. Yes I can get to google using one of it’s ip addresses.
    DNS problem still in effect?

  45. 6-4-2005. 1PM PST. Gmail is down. Server Error (500)

    So are we seeing the first cracks in the zillion of cheap servers technical approach?

    I believe one or more competing SE/portals use specialized storage with dual parity RAID (“RAID DP”) to ensure data availability (treating customer data like a Fortune 500 compnay treats its corporate records)

    Or is this another DNS issue?

    I imagine the zillion-cheap-server-grid is pretty darn complex.

    Anyway, don’t bother to e-mail (gmail) me until it’s back up!

  46. Pingback: Antonio Casas
  47. Pingback: SIPthat.com
  48. HELP!
    My google is different, you can’t do image search, or any of the others, and the number of pages is different and it looks a bit strange. Their is no “im feeling lucky”. It hink someone HACKED MY GOOGLE

  49. I didn’t get the SOGO page. Yesterday a couple of friend and I discovered it at about 4:10 CST. The Source code was not at all like it should be. It was asking you to type in the code that displayed in the “picture.” No javascript however was present in the source code. The image search, new, etc worked fine. It just effected the search page. It said something to the affect of ” your computer has been infected etc.” If that were so and Google had made this page, then it would not be like this on every computer in our server room, and also the prompt would come up in the image search as well.

    I think that we were one of the first to discover this, because we went to every single forum (geek forums) but nothing was reported. Anyways has this affected any one else.

  50. Hey people,

    this is not due to any hack or something. This is just child name servers created at the Registry.

    When you query internic’s servers for the whoisof the domain name, internic performs a domain.com.* query and that is the reason this thing shows up. You can check the same for hotmail.com, yahoo.com.

    Ifyou have a domain namme abc.com you can go ahead and register a child name servers which says google.com.i.dont.own.that.abc.com and this should also show up in the whois search of google.com. So just a wrong way to query used by Internic servers!

    Hope this was a little helpful to you guys.

    PJ
    http://www.pratikj.info
    http://www.port43whois.com

  51. Google via IP address works today, but for us (apparently just us), am getting either:
    Index of /

    Name Last modified Size Description

    [DIR] Parent Directory 21-Dec-2005 15:05 –
    [DIR] cgi-bin/ 21-Dec-2005 14:20 –

    Apache/1.3.34 Server at http://www.google.com Port 80
    —————————–
    …or getting a web hosting company apparently called “computersteroids” (when typing in “groups-beta.google.com”). Whose DNS files are bad and whose are good?

  52. I haven’t been able to access Gmail homepage, Hello download page, Yahoo sign-in page, Hotmail sign-in page, eBay sign-in, etc., for two weeks now despite following every “fix” out there. Just goes to a DNS error page. Still can backdoor onto Yahoo by signing in on the Photos link. I wish someone could fix this…

  53. It is possible to poison DNS records. If a particular region is having problems, it seems likely that that region or a specific ISP’s DNS was poisoned. It seems unlikely that only a single specific LAN’s gateway was poisoned, except maybe for practice before attacking the regional DNS.

  54. When I reading a message in google earth, I recived a message on a IRC net to visit a page. This page have a troyan, so I think that when you read your mail, this people don’t have more, but your IP, and use this information, to try an attack over your computer. I don’t know how this people have this information, but it could be, this dns server in troubles.

    Bye from Spain.

  55. When I was reading a message in google gmail, I recived a message on a IRC net to visit a page. This page have a troyan, so I think that when you read your mail, this people don’t have more, but your IP, and use this information, to try an attack over your computer. I don’t know how this people have this information, but it could be, this dns server in troubles.

    Bye from Spain.
    (sorry for my horrible english)

  56. It seems that not only Google was hit. Around 20 percent of sites I visited today were down. I thought it was my cable connection but it appeared to be something else. Could you imagine Google going down? And all its Adsense? 🙂

  57. Son idiotas, no ven ke no hay pruebas??
    Como saben ke modificaron la imagen?? AHH?!
    Ke borraron la parte en donde salia google y le pusieron otra imagen??

    No lo puedo creer…
    De verdad ke no…

    No sean giles, Google es seko. Y los pikotas & envidiosos ke dicen ke no ke se jodan.

  58. I have not been able to log onto Google for several days now. I get an error message stating: “Cannot find Server”. Whats going on? Is there anything I can do to correct this?

  59. my pc has been hijacked!! help!!

    try to get google.co.uk and it takes me to some other junk!!

    the junk page’s layout remains the same but changes its name everytime i try to go on a webpage…this happens with most webpages …but not this one…(?)

    cant access google …or anything really except yahoo mail and microsoft.com

    how can i fix this?

    tried loads of scans…avg…trendkill…spywareblaster…spybot…etc etc all come up with zero

    get me at bduffin3012atyahoodotcodotuk and help me out please!!!!!

  60. seriously this just happened to Apple… I have a screen shot, i dont’ know how to link it in here. It’s 2:11 AM on sunday night Dec 3, 2006. But it’s SOGO. I thought it was so crazy I googled SOGO and found this link about the same thing happening to Google… crazy. Send an e-mail and I’ll send the image. It looks just like yours but with the apple link.

  61. 我公司是一家装专门提供集团电话批发、零售、安装、调试、维护、维修的专业设备供应商和服务商。
    专营各种进口、国产集团电话。 并与国内外多家知名厂商建及电信运营商立了良好的合作关系, 公司一直致力于向客户提供最经济实用的语音、数据通讯解决方案。
    我们始终坚持“服务是行动、服务是满意”!用我们的产品和服务为“客户创造价值”!真诚的希望与您合作。

  62. Its funny. I can access google and its every service from my server but not from my laptop. I guess i ll have to use the server in the meantime. It is 6:45 EST. GOOGLE STILL DOWN.

  63. If google was really hack i bet it was either a group of people that call themselves the g00ns or it was the other group that calls themselves the sKuLlZ but that is what i think if you don’t want anything messed up with your computer don’t look for these guys these guys are probably the elite of the elite

  64. Google is still down (9AM CDT) in my part of the world (NW Florida) and has been since late last night. Maybe the BellSouth DNS is not self-correcting.

  65. Pingback: Lumpy's Corner
  66. Not here it’s been out all day for me.
    Nothing seems to load as far as the web
    search goes, but images work and that’s
    all.
    I have not seen any redirect to any other
    search engines at all.
    I live in Texas.

  67. really? this isn’t happening to anyone else? Eveyday, maybe more than once, our comcast broadband connection ends up getting hijacked. Google ads are hijacked and replaced with annoyingly awful orange ‘sogo’ logotype. Either that, or the search (yahoo and google) get directly hijacked by either the orange ‘sogo’ page or the other ‘infoweb’ page… which is the same company.

    I can’t believe nobody else is having this problem. It surely can’t just be us.

    We’re using comcast cable/broadband in Portland, Oregon.

    This has been going on for at least a year now, but gotten much worse within the last few months.

  68. Whoa, today (date to left of post), i was trying to access a part of my site i have barely created (new mod for phpbb3), and when trying to install (through browser, install.php stuff), internet would redirect to sogosearch.

    Is anyone doing anything to stop these people?

  69. Still happening. Sogo redirect for certain pages. Comcast broadband, osx, using any browser, same results. I still cannot believe that there isn’t anybody with a fix for this or at least more complaints. It seems almost as if where you’d expect to see people angry or complaining about this, that the messages have been wiped from forums.

    today’s annoying redirect is when accessing a mundane ip lookup page that has never had the sogo redirect problem in the past, but now being redirected for about a week straight.

  70. This happened to me two days ago. It occurred on two separate computers, a mac and a pc. The address bar said http://www.google.com but the page displayed the Paul Campaign for Liberty website. It was as if the ron paul site resided on the google domain. It was like that for about ten minutes or so around 7:05PM PST. I am in the Los Angeles area with Time Warner Cable as my ISP and I am using a Belkin N1 Wireless Router. Could it be a DNS issue? I also have regular issues trying to access the yahoo login page and some pop3 issues connecting to my personal mail server – not sure if these are related.

  71. Still happening…. Browser lags to a crawl and then as usual, yahoo.com is first to get hijacked by infoweb (which is the same as sogo)… usually by clicking a news link. And the ‘infoweb’ site is also aware of the yahoo hijack since they page they display is all about yahoo and their (old) business dealings during the initial talk of a microsoft takeover.

    slows down home broadband connection to a crawl… mac/osx comcast cable broadband, portland oregon. Usually lasts for at least 10 to 15 minutes.

    I still can’t believe there isn’t more conversation about this on forums…

  72. I don’t think Google was hacked because if they were hacked how do they resolved this so quick?!

    They are testing some new algorithm commands on their server and something worked wrong..

    -Bizkit

  73. I was faced with the same problem as awful was (or still is?), and was super frustrated
    finally I downloaded applejack and ran it once, and the problem was solved somehow

  74. Google was hacked
    Google was hacked
    Google was hacked
    Google was hacked
    Google was hacked
    Google was hacked Google was hacked Google was hacked

    Some marketing guy is pretending it did not happen !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! They have 38 people denying this !

    Never trust them

  75. yes google.com or google.co.in and internal are failing to open, some flight travel company is opening. the data seems to be coming from some smartname.com site where dns might be forwarding data. initially i thought my browser was hacked so i deleted all temp files and cookies but the problem persisted, checked in firefox and internet explorer
    http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs214.snc4/39053_1499917425161_1450925680_1240382_5585555_n.jpg

This site uses Akismet to reduce spam. Learn how your comment data is processed.