The internet giant, Google, recently had their public DNS server hijacked and all DNS server traffic redirected. The worlds largest globally used free Domain Name System (DNS), Google’s free DNS, had a brief hijacking Saturday morning, March 15, 2014.
DNS is the phonebook of the internet, it translates IP addresses into human readable data back and forth. Earlier Saturday, network monitoring firm BGPmon, confirmed Google’s public DNS server 18.104.22.168/23 was hijacked for approximately 22 minutes.
Google DNS reported to push through over 150 million queries per day, by over 70,000 unique IP addresses just last year. Following the hijack, for 22 minutes Internet users in Venezuela and Brazil, including finical institutions, governments, and others using Google’s DNS were redirected to BT’s (British multinational telecommunications services company) Latin America division.
“Hackers exploited a well-known vulnerability in the so-called Border Gateway Protocol (BGP), which is used to exchange data between large service providers, and hijacking could allow the attackers to simply re-route the traffic to a router they controlled.” —TheHackerNews
BGP attacks are the man-in-the-middle attacks at a larger scale, and much harder to detect as traffic still reaches its legitimate destination. Such exploit was first demonstrated at DefCon in early 2008 by the two security researchers, Tony Kapela, and Alex Pilosov. BGP attacks are becoming a daily occurrence, but attacks don’t generally scale at a global level.
This is not the first time Google’s public DNS has been hijacked, just last year Google’s DNS server traffic was hijacked and redirected to Romania and Austria.