IEDR admits blame for hack that brought down Google and Yahoo
IEDR, the Irish ccTLD registry, has admitted that an attack on its own web servers was responsible for google.ie and yahoo.ie being hijacked last month.
In a detailed statement, the registry said that hackers spent 25 days probing for weaknesses in its systems, before eventually breaking in through a vulnerability in the Joomla content management software.
This enabled the attackers to upload malicious PHP scripts and access the back-end database, according to the statement. They then redirected yahoo.ie and google.ie to an Indonesian web site.
It’s a reverse of position for IEDR, which had appeared to blame one of its registrars (believed to be Mark Monitor) for the lapse in security when the hack was discovered last month.
IEDR told ZDNet October 11: “an unauthorised change was made to two .ie domains on an independent registrar’s account which resulted in a change of DNS nameservers”.
But today it said instead: “The IEDR investigation also confirmed that neither the Registrar of the affected domains nor its systems had any responsibility for this incident.”
The registry has filed a complaint with the Irish police over the incident, and apologized to its customers for the disruption.
It also said it plans to roll out a Domain Lock service to help prevent hijacking in future, though I doubt such a service would have prevented this specific incident.
If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.
Will they stop suing people that just blogged about they being hacked ?
I sincerely hope so 😉
ummm.. we’re going to add another padlock to the gate. but they never gained access to the gate. it will be a 5 star graded shiny padlock, and you’ll all have to use another key to get in. but i always used the gate, now i must carry around another key. look – shiny padlock… it blinks in the sun