sure enough, visitors of the company’s Bangladesh search site (Google.com.bd) see a defaced landing page rather than the usual search site. As far as I can tell, www.google.com.bd functions properly, so whether this really constitutes a ‘hack’ is up for debate.
Local Bangladesh media, including online newspaper bdnews24.com, reported on the news as well, quoting a CTO of a local ISP, who confirmed the hack.
Nevertheless, it seems like only a subset of users see the defaced landing page, while others report that they can visit and use the search engine without any hiccups.
According to Zone-h, Bangladeshi hacker TiGER-M@TE has been quite active with defacements lately, and has targeted some high-profile sites in the past, including the local website for American Express and Airtel (video).
This was a DNS hijack done in the .bd zone run by Bangladesh Telecommunications
Company Limited (BTCL). This wasn't Google hacked, per se. The hacker just decided to take advantage of what is probably the most noticeable domain in the .bd zone. They could have probably done this to any of them.
There is nothing Google could have done to prevent this. And no, DNSSEC would not have stopped this.
Anyways, it's fixed now globally. And if you used OpenDNS, our caches were cleared of the bogus records a while ago.
No comments:
Post a Comment