186 thoughts on “Google (NOT) Hacked? Just A DNS Glitch says Google”

  1. Wow, this is amazing. Google being hacked means that we’re all basically screwed from any type of security on the web. I would like to know what really caused this, though. Hopefully something like this won’t happen again.

  2. Too funny, the sky is falling, the sky is falling. Hey maybe they had an internal problem or there DNS servers got hosed. Who knows.

  3. This should be interesting, I wonder ‘if’ google was ever hacked, would they come out and admit it? There must be a emergency meeting going on as we speak with their PR people hehe.

  4. An issue of changing DNS from a service to a home grown solution is my third-hand knowledge, eavesdropping on a friend’s phone call to employee.

  5. It was more like 1/2 h not only 2 minutes and it affected most if not all regional sites as well (.co.uk, .es, .nl, etc)

  6. Pingback: One Degree
  7. Damn, I just power cycled my modem and then called Comcast to tell them my internet is down – now I feel stupid

  8. Apparently, the myDoom virus rearead it’s ugly head again today and flooded googe and gmail with crap. Wy wifes hotmail account, which rarely gets email at all, got 150 infected emails today, so this is confirmed.

  9. That screenshot is clearly faked – look at the address bar, it still shows the google logo, at the left of the address, this is a line of HTML that changes that image, now would “sogo” or whatever balls it was, really use the google logo?

  10. well seriously .. if they were hacked then the hacker didnt do a very good job. i can access gmail and i can use google plus that screen could’ve been taken when they were in the first steps of taking over google

  11. I noticed that http://www.google.com.net/ redirects to that sogo place. Could this be a result of your browser doing a “best fit” sort of deal when google.com was down? I know Firefox tries to find the best site when the one you enter is wrong, not sure about Safari.

  12. This article made me remember an article I read last week in a national IT-magazine, in which they pointed out some of the dangers facing the current Domain Name System (DNS). The article was mostly based on information from a report by the National Research Council.

    A prepublication and more information on that report can be found here:
    CSTB Publication: Signposts in Cyberspace: The Domain Name System and Internet Navigation
    Nat’l Academies Press: Signposts in Cyberspace: The Domain Name System and Internet Navigation

    To which I must admit not having read anything but the summary myself.

  13. Folks, well got an update from Google folks who did clarify and said that there was a DNS glitch. Not a hack. my apologies for an alarmist headline, but it was clear something was up.

  14. I noticed that http://www.google.com.net/ does in fact go to the sogo search site and also that http://www.sogosearch.com/ is the same as the google.com.net site. Maybe it was some type of hack and it’s not like anything is “hack proof”. There will ALWAYS be a way to break through firewalls. Even with the best encryption it’s still possible to penetrate.

  15. Here’s another screenshot:


    If Google is telling the truth, then this post must be a lie?


    $ whois google.com
    Whois Server Version 1.3
    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.
    IP Address:
    Registrar: KEY-SYSTEMS GMBH
    Whois Server: whois.rrpproxy.net
    Referral URL: http://www.key-systems.net
    IP Address:
    Whois Server: whois.itsyourdomain.com
    Referral URL: http://www.itsyourdomain.com

  16. It appears this is nothing more than your DNS server f’ing up. Apparently, your side of the world must’ve been redirecting to SoGoSearch for some reason – I (in Michigan) only got an error message saying that Google.com couldn’t be found.

  17. I’ve noticed that all the screenshots are on OS X.

    I noticed this on my OS X box, but not my windows box (when google started responding again) and flushing dns brought back the normal google

  18. Some browsers redirect to a generic search page when the domain you typed in couldn’t be found (for example, because of a DNS error). This could be how people started seeing ‘SoGoSearch’ and ‘MSN Search’ pages.

    In response to Brendan Loy: The existence of amusing subdomains of gulli.com and seczy.com doesn’t mean Google was hacked. It’s just a joke by the people who own those domains.

    From what I’ve seen here, I see no reason to believe that Google was hacked. It just looks like a DNS screwup. “Never attribute to malice that which can be explained by incompetence”, and all that.

  19. As far as the whois stuff goes, look closely. The entry for GOOGLE.COM is still there and intact. Somebody did manage to get in newer entries that include the substring “GOOGLE.COM” and thus also show up on a basic search, which is bad, but that has nothing to do with Google itself. -m

  20. Pingback: Gizmodo
  21. Pingback: Operation Gadget
  22. Anyone with half a brain and access to more than one DNS server could tell you that Google wasn’t hacked. It’s people like you that give tech support such a hard time with the stupidest problems. Before you jump to conclusions next time … fire off at least 2 synapses before you open your mouths.

  23. This is the 3rd time that ive seen this happen is just the first time its been picked up on. Kinda interesting…….. but i wouldent worry about it, I think the DNS has a routing problem becuase of the number of times ive seen this. Also its never lasted more and 1:30 minutes for me anyway.

  24. Hmm… Interesting that in the initial post here, Google gets a capital G and GOD gets a lower case G. Certainly Googole isn’t the new mesiah 🙂

  25. While this probably isn’t the case with the Google incident, New Scientist published an article describing how a malevolent hacker can essentially “poison” the dns system locally, then potentially regionally, and so on forth, to have a domain name point to a different IP address. Essentially this problem with google could happen in such a manner.

    Here’s a link to the article from New Scientist:

  26. whoops, sorry for the slight redundancy. I checked above previously and didn’t see mention of the article or dns poisoning. After reading through the comments more thoroughly I see that Bruce posted some articles that appear similar in concept. Hopefully the article I listed will help with further elaboration.

  27. So, Does anyone else think Bill Gates had something to do with this? Gotta love a good conspiracy theory =8-)

  28. Pingback: SEO Book.com
  29. google wasn;t hacked

    it wasn.t dns.

    it was a testing of “how many will talk”


    they are creating chatter and attention,,,

  30. Pingback: Paul Whitaker
  31. Thats really strange, We at Adsense publishers must have lost few dollars for all this issue. But one thing is sure, sogosearch has got a lots of publicity from all this issue.

  32. Pingback: lazygeek.net
  33. Folks the site sogosearch own the com.net dns record

    they are using the *.com.net domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name google.com.net so when a google.com lookup fails internet explorer trys adding .net to the end and finds the wrong site

    doesnt take a google genius to figure this out

  34. Pingback: WebhostingTech
  35. Pingback: BloggingTom
  36. The second screenshot (http://img241.echo.cx/img241/6208/googlemsn3lp.png) is clearly a bad fake.
    First, putting an URI in the adress bar and hitting enter (or pressing Go) would append a solidus (slash) at the end of the URI.
    Also, the icon at the left of the adress is semi transparent. This indicates that no one have pressed either enter or Go yet (try that in Firefox and you’ll see.)

  37. I work in google’s department for west europe.
    It was hack indeed.
    Nothing more to say. If you need more informations.. email me.

  38. Google’s not lying when they say they weren’t hacked. But calling it a DNS “glitch” isn’t entirely honest.

    While the DNS server I used that was affected, I looked at the source of the SoGoSearch page, which was different than the source if you browsed to SoGoSearch in the address bar. The difference?

    The “hijacked” version had:

    as a comment instead of

    Ok, so a script is pulling that in. 😛

    Seriously though, the DNS I used for my PSP Browser portal was wonked, but when I switched back to Comcast’s default DNS servers, everything was fine. Still sounds like a trunk’s DNS was maliciously altered. How could a few get the wrong record and everyone else get the right one?

  39. DNS is the first thing I thought of when I heard about this. And then I came here and saw a screenshot of a search engine. Now that’s an interesting coincidence, isn’t it? 🙂

  40. American Express sponsors the SOGOSearch site !
    A credit card company gone to the dark side ….

  41. did anyone bother to tell nslookup to use googles SOA server and then have a look at how google.com resolved?

    if it resolved to the ‘mysterious other site’ than technically google got hacked.

    if say comcast’s nameserver(s) was misdirecting and googles wasn’t, tan it’s comcast wot got hacked…

    it’s not rocket science…

  42. I hope you guys realise that some of the screenshots are possibly faked. I can easily fake them myself (goto another site and then change the address bar)
    For example the Google MSN (http://img241.echo.cx/img241/6208/googlemsn3lp.png) you can see that the server it is trying to access is search.msn.com, I know that this may be for pictures but who knows, maybe has been a hoax. I know that not all of them are fake, but I’d think if the DNS stuffed up it wouldn’t redirect you to lots of different sites, rather just one (SOGO in this case)


  43. There was no re-direct but an error message…we use http://www.google.ca in Canada and wouldn’t fly…tried gmail and got page could not be found errors.
    Didn’t have too much time but a whois on google.ca appeared to direct to google.com: which is likely the problem domain.

  44. Sogo is a big department store in Indonesia.

    Was google hacked by an Indonesian Crack SpecOps?

  45. Pingback: Bakkel's weblog
  46. Pingback: Elliott Back
  47. The ‘dead Google air’ I hit didn’t refer, it just seemed to ‘hang’ during the lookup. Damn, I pinged the domain name, but didn’t ping the IP! If someone did they could probably clean up this DNS ‘hijack/poisoning’ thing!!!

    I had noticed a large UK PC sales group suddenly went ‘off air’ to-day. Later announcing that they were upgrading… 5 hours later too, ermmmm?!

    Wierder things have happened.

  48. Yup, noticed it as well. Got back from running errands, opened browser and bam… no Google. Thought it might have been Comcast, but using other some friends’ computers resulted in the same thing. :/

    Kinda hit home how centralized/dependant many services are on Google. Of note is Adsense… I checked out a few dozen pages and all of them had Adsense missing during this time.

    The fact that almost all of Google’s primary services are based on the *.google.com domain allows for this kind of “one hit affects everything” situation.

    Hopefully, Google will come up with a way of avoiding such future disturbances.


  49. they are using the *.com.net domain to catch dns queries from .com sites that people type incorrectly or the dns lookup fails, their internet explorer starts appending suffixes to the name to try and locate a site, they have a record for the name google.com.net so when a google.com lookup fails internet explorer trys adding .net to the end and finds the wrong site

    If it’s a wildcard, then how come http://www.google.com.net/ takes me to SoGo, but http://www.yahoo.com.net/ does not, nor does http://www.cnn.com.net/ or http://www.brendanloy.com.net/ or any other replacement for the “wildcard” that I’ve tried?

  50. Pingback: Bobnar Blog
  51. google can never be hacked , probably there was DNS problem or there was problem with all the PC’s that uses GOOGLE….

  52. Well looks like sogo are getting a shitload of free publicity!!
    hmmm, could just have been an error in their favour tho! Shame is slept through all of this! would have loved to watch it unfold and have a go at working it out.

  53. Okay, I ‘watched’ this happen, by monitoring my DNS cache.

    Google (or whoever manages their DNS) screwed up – http://www.google.com is a CNAME pointing to http://www.l.google.com. Entries for http://www.l.google.com took a walk for perhaps 30 minutes, making http://www.l.google.com return NXDOMAIN.

    SoGo (or whoever owns .com.net) have a specific A record for http://www.google.com.net, to catch people who can’t get to Google for some reason, and use browsers that do the incredibly stupid thing (Safari?) when they can’t find a domain. This “paid off” for them when Google decided to take a walk from the Internet for those few minutes.

    No foul play here, unless it was an inside job, at which point it wasn’t a very sensible one.

  54. Pingback: linuxBlog
  55. I don’t think so, Google hack is fake. I agree, in the address bar of sogo screenshot, it still shows google’s logo!!
    This is a hoax by who knows, microsoft?

  56. The logo is still in the window because Safari/Firefox tends to be a bit slow in updating icons. They don’t always look at the icon apparently. It is not a faked image, people, it is a simple bug in Firefox/Safari that I’ve experienced since 0.8 😉

    By the way – I doubt Microsoft feels Google is a threat to them. Google is a search/steal your privacy company, not a screw-yourself company ;). Microsoft has no need to feel threatened by Google, except in terms of MSN Search / Hotmail.

  57. I m not a techie so dont know much except the basics but at the moment i cant reach the now-so-famous google.com.net !!!

  58. As of 07:28 EST google.com is still not reachable via domain name.
    Using the URl I am presented with the Firefox logo and nothing esle on the page. Yes I can get to google using one of it’s ip addresses.
    DNS problem still in effect?

  59. 6-4-2005. 1PM PST. Gmail is down. Server Error (500)

    So are we seeing the first cracks in the zillion of cheap servers technical approach?

    I believe one or more competing SE/portals use specialized storage with dual parity RAID (“RAID DP”) to ensure data availability (treating customer data like a Fortune 500 compnay treats its corporate records)

    Or is this another DNS issue?

    I imagine the zillion-cheap-server-grid is pretty darn complex.

    Anyway, don’t bother to e-mail (gmail) me until it’s back up!

  60. Pingback: Antonio Casas
  61. Hi all,
    this is off-topic … I have met a serious problem: when looking for ANYTHING searching in http://www.google.com, I obtain the ONLY reference to ncc.sex-explorer.com. How can I get rid of this property?
    Interesting is, that when trying e.g. http://www.google.sk, I have no problems.
    If anyone knows, where is the problem, please, send me a mail.

  62. I’m glad I stumbled on this topic..explains why I got the same error as many of you pointed out with Google. Can you say free publicity?

  63. Pingback: SIPthat.com
  64. HELP!
    My google is different, you can’t do image search, or any of the others, and the number of pages is different and it looks a bit strange. Their is no “im feeling lucky”. It hink someone HACKED MY GOOGLE

  65. I didn’t get the SOGO page. Yesterday a couple of friend and I discovered it at about 4:10 CST. The Source code was not at all like it should be. It was asking you to type in the code that displayed in the “picture.” No javascript however was present in the source code. The image search, new, etc worked fine. It just effected the search page. It said something to the affect of ” your computer has been infected etc.” If that were so and Google had made this page, then it would not be like this on every computer in our server room, and also the prompt would come up in the image search as well.

    I think that we were one of the first to discover this, because we went to every single forum (geek forums) but nothing was reported. Anyways has this affected any one else.

  66. Hey people,

    this is not due to any hack or something. This is just child name servers created at the Registry.

    When you query internic’s servers for the whoisof the domain name, internic performs a domain.com.* query and that is the reason this thing shows up. You can check the same for hotmail.com, yahoo.com.

    Ifyou have a domain namme abc.com you can go ahead and register a child name servers which says google.com.i.dont.own.that.abc.com and this should also show up in the whois search of google.com. So just a wrong way to query used by Internic servers!

    Hope this was a little helpful to you guys.


  67. Google via IP address works today, but for us (apparently just us), am getting either:
    Index of /

    Name Last modified Size Description

    [DIR] Parent Directory 21-Dec-2005 15:05 –
    [DIR] cgi-bin/ 21-Dec-2005 14:20 –

    Apache/1.3.34 Server at http://www.google.com Port 80
    …or getting a web hosting company apparently called “computersteroids” (when typing in “groups-beta.google.com”). Whose DNS files are bad and whose are good?

  68. I haven’t been able to access Gmail homepage, Hello download page, Yahoo sign-in page, Hotmail sign-in page, eBay sign-in, etc., for two weeks now despite following every “fix” out there. Just goes to a DNS error page. Still can backdoor onto Yahoo by signing in on the Photos link. I wish someone could fix this…

  69. 7.38 pm in Australia and google is still screwed,all my sites are not showing addsense ads,a search using google.com yields a blank and the addsense code generation page is a shambles.

  70. It is possible to poison DNS records. If a particular region is having problems, it seems likely that that region or a specific ISP’s DNS was poisoned. It seems unlikely that only a single specific LAN’s gateway was poisoned, except maybe for practice before attacking the regional DNS.

  71. When I reading a message in google earth, I recived a message on a IRC net to visit a page. This page have a troyan, so I think that when you read your mail, this people don’t have more, but your IP, and use this information, to try an attack over your computer. I don’t know how this people have this information, but it could be, this dns server in troubles.

    Bye from Spain.

  72. When I was reading a message in google gmail, I recived a message on a IRC net to visit a page. This page have a troyan, so I think that when you read your mail, this people don’t have more, but your IP, and use this information, to try an attack over your computer. I don’t know how this people have this information, but it could be, this dns server in troubles.

    Bye from Spain.
    (sorry for my horrible english)

  73. It seems that not only Google was hit. Around 20 percent of sites I visited today were down. I thought it was my cable connection but it appeared to be something else. Could you imagine Google going down? And all its Adsense? 🙂

  74. Son idiotas, no ven ke no hay pruebas??
    Como saben ke modificaron la imagen?? AHH?!
    Ke borraron la parte en donde salia google y le pusieron otra imagen??

    No lo puedo creer…
    De verdad ke no…

    No sean giles, Google es seko. Y los pikotas & envidiosos ke dicen ke no ke se jodan.

  75. I have not been able to log onto Google for several days now. I get an error message stating: “Cannot find Server”. Whats going on? Is there anything I can do to correct this?

  76. my pc has been hijacked!! help!!

    try to get google.co.uk and it takes me to some other junk!!

    the junk page’s layout remains the same but changes its name everytime i try to go on a webpage…this happens with most webpages …but not this one…(?)

    cant access google …or anything really except yahoo mail and microsoft.com

    how can i fix this?

    tried loads of scans…avg…trendkill…spywareblaster…spybot…etc etc all come up with zero

    get me at bduffin3012atyahoodotcodotuk and help me out please!!!!!

  77. seriously this just happened to Apple… I have a screen shot, i dont’ know how to link it in here. It’s 2:11 AM on sunday night Dec 3, 2006. But it’s SOGO. I thought it was so crazy I googled SOGO and found this link about the same thing happening to Google… crazy. Send an e-mail and I’ll send the image. It looks just like yours but with the apple link.

  78. 我公司是一家装专门提供集团电话批发、零售、安装、调试、维护、维修的专业设备供应商和服务商。
    专营各种进口、国产集团电话。 并与国内外多家知名厂商建及电信运营商立了良好的合作关系, 公司一直致力于向客户提供最经济实用的语音、数据通讯解决方案。

  79. Its funny. I can access google and its every service from my server but not from my laptop. I guess i ll have to use the server in the meantime. It is 6:45 EST. GOOGLE STILL DOWN.

  80. If google was really hack i bet it was either a group of people that call themselves the g00ns or it was the other group that calls themselves the sKuLlZ but that is what i think if you don’t want anything messed up with your computer don’t look for these guys these guys are probably the elite of the elite

  81. Google is still down (9AM CDT) in my part of the world (NW Florida) and has been since late last night. Maybe the BellSouth DNS is not self-correcting.

  82. Pingback: Lumpy's Corner
  83. I’m hoping that they ensure that these “glitches” don’t happen very often at all. Considering how prevalent google is in all of our lives, it would be a catastrophe if it were down for even a few hours.

  84. Not here it’s been out all day for me.
    Nothing seems to load as far as the web
    search goes, but images work and that’s
    I have not seen any redirect to any other
    search engines at all.
    I live in Texas.

  85. When using Google search all come up as question marks. example (???????) please advise. I’m paying for PPC advertising and I’m losing sales because of this,Please advise.

  86. Still continually, everyday at some point… hijack by sogo or infoweb (same company) and usually yahoo as well, but also digg.com today

  87. really? this isn’t happening to anyone else? Eveyday, maybe more than once, our comcast broadband connection ends up getting hijacked. Google ads are hijacked and replaced with annoyingly awful orange ‘sogo’ logotype. Either that, or the search (yahoo and google) get directly hijacked by either the orange ‘sogo’ page or the other ‘infoweb’ page… which is the same company.

    I can’t believe nobody else is having this problem. It surely can’t just be us.

    We’re using comcast cable/broadband in Portland, Oregon.

    This has been going on for at least a year now, but gotten much worse within the last few months.

  88. Whoa, today (date to left of post), i was trying to access a part of my site i have barely created (new mod for phpbb3), and when trying to install (through browser, install.php stuff), internet would redirect to sogosearch.

    Is anyone doing anything to stop these people?

  89. Still happening. Sogo redirect for certain pages. Comcast broadband, osx, using any browser, same results. I still cannot believe that there isn’t anybody with a fix for this or at least more complaints. It seems almost as if where you’d expect to see people angry or complaining about this, that the messages have been wiped from forums.

    today’s annoying redirect is when accessing a mundane ip lookup page that has never had the sogo redirect problem in the past, but now being redirected for about a week straight.

  90. This happened to me two days ago. It occurred on two separate computers, a mac and a pc. The address bar said http://www.google.com but the page displayed the Paul Campaign for Liberty website. It was as if the ron paul site resided on the google domain. It was like that for about ten minutes or so around 7:05PM PST. I am in the Los Angeles area with Time Warner Cable as my ISP and I am using a Belkin N1 Wireless Router. Could it be a DNS issue? I also have regular issues trying to access the yahoo login page and some pop3 issues connecting to my personal mail server – not sure if these are related.

  91. Still happening…. Browser lags to a crawl and then as usual, yahoo.com is first to get hijacked by infoweb (which is the same as sogo)… usually by clicking a news link. And the ‘infoweb’ site is also aware of the yahoo hijack since they page they display is all about yahoo and their (old) business dealings during the initial talk of a microsoft takeover.

    slows down home broadband connection to a crawl… mac/osx comcast cable broadband, portland oregon. Usually lasts for at least 10 to 15 minutes.

    I still can’t believe there isn’t more conversation about this on forums…

  92. Google has definetely been hacked now or something seriously has screwed up. Basically Pakistani news appears and when you type BBC into the box and all other sites are reported as being dangerous and unaccessible.

  93. I don’t think Google was hacked because if they were hacked how do they resolved this so quick?!

    They are testing some new algorithm commands on their server and something worked wrong..


  94. This article is great! I cannot believe someone hacked Google. That is like the biggest slap in the face to them. Great article and beautiful site design btw. Keep up the good work!

  95. I was faced with the same problem as awful was (or still is?), and was super frustrated
    finally I downloaded applejack and ran it once, and the problem was solved somehow

  96. Google was hacked
    Google was hacked
    Google was hacked
    Google was hacked
    Google was hacked
    Google was hacked Google was hacked Google was hacked

    Some marketing guy is pretending it did not happen !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! They have 38 people denying this !

    Never trust them

  97. yes google.com or google.co.in and internal are failing to open, some flight travel company is opening. the data seems to be coming from some smartname.com site where dns might be forwarding data. initially i thought my browser was hacked so i deleted all temp files and cookies but the problem persisted, checked in firefox and internet explorer

Leave a Reply to andrew Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.