This Saturday, for about 22 minutes, anyone from Latin or South America who attempted to log in to Google’s services or use its search function was accidentally redirected to a server located somewhere in the network of British Telecom’s South American division.
A security company named BGPmon first reported the problem, stating that Google’s Public DNS server 126.96.36.199 had been hijacked by an unknown source, and was redirecting traffic without the company’s knowledge.
“Google’s Public DNS servers are used for ‘130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day.’ That makes Google the most popular free public DNS service in the world. Public DNS services, such as those offered by Google and OpenDNS, are used by savvy Internet users who want the fastest possible look-up speeds for their Web browsing.”
Without the help of DNSSEC (a standard designed to help keep this type of problem from popping up in the first place), Google quickly fell victim to the DNS data diversion and was only able to regain control of its servers after rebooting the entire system to kick any unauthorized users out by force.
No malware or spyware was observed being distributed during the attack, which leads researchers to believe that it may have been a simple misconfiguration on Google’s part, but nothing is being ruled out just yet.
Google has yet to issue any kind of response as to what might have gone wrong, but we expect to get more details on the issue in the next few days.