Hackers used DNS poisoning to redirect visitors of Google.ps to a defacement page

Aug 27, 2013 06:46 GMT  ·  By

Pro-Palestine hackers have defaced Google Palestine. The attackers are apparently displeased with the fact that Google Maps shows Palestine as being Israel.

“Uncle Google we say hi from Palestine to remember you that the country in Google Map not called Israel. It’s called Palestine,” the hackers wrote on the defacement page.

They added, “Question: what would happens if we change the country title of Israel to Palestine in Google maps!!! It would be revolution.”

It’s worth noting that Google hasn’t been hacked. Instead, the Palestinian hackers have relied on DNS hijacking to redirect Google.ps visitors to their defacement page.

According to experts, it’s likely that the .ps domain registry has been hacked. The hacktivists have changed Google DNS entries to omar.genious.net and hamza.genious.net.

Genious Communications is a hosting provider from Morocco.

Currently, Google Palestine is working properly.

The search giant has sent the following statement to ZDNet: “Some users visiting Google.ps have been getting redirected to a different website; Google services for the Google.ps domain were not hacked. We're in contact with the organization responsible for managing this domain name so we can help resolve the problem.”

This is not the first time when hackers use DNS poisoning to make it look like they’ve defaced a high-profile website. In most cases, the attackers hack the systems of the respective domain registry and alter the DNS records so that visitors of certain domains are redirected to an arbitrary site, usually a defacement page.

As experts highlight, although they might appear to be, many of these attacks are not very sophisticated. Many registrars have websites riddled with vulnerabilities that allow hackers to gain access to DNS records.

Over the past months, this technique has been utilized to “hack” Google Kenya, Google Kyrgyzstan, Google Oman, Google Malawi and Google Uganda.