The Romanian domains of Google and Yahoo encountered a hiccup earlier this morning, when an alleged Algerian hacker re-directed Google.ro and Yahoo.ro users to a page where the hacker who uses the monicker MCA-CRB wrote the message ‘to be continued’. While Google Romania insists the website was not hacked, internet security provider Kaspersky Labs Romania says it is currently investigating DNS poisoning of the two websites.
“When we heard about this incident, we were pretty skeptical about the attack. A site such as Google’s can be theoretically hacked, but it is very unlikely. Then we noticed that both domains were directed to an IP address in the Netherlands […], so it seemed more like a DNS poisoning attack,” said Stefan Tanase from Kaspersky Lab Romania.
Google Romania also explained it was a domain issue and the company is currently investigating the issue with the organization responsible for managing domain names in Romania, Romania Top Level Domain.
“The incident could have been much worse if the attacker had other purposes, other than becoming famous for defacing famous websites. Imagine how many accounts would have been compromised this morning if these websites were re-directed to a phishing page,” said the Kaspersky Labs specialist.
Last week, the Pakistani sites of Google, Yahoo!, Microsoft, PayPal, eBay, HP and Apple were defaced in the same way.
Google has been running its own office in Romania since November 2010. The office is run by Dan Bulucea.