Attack on Google's Palestine Site Shows Risks of Foreign Domains
As this week's hacking attacks against Google, Twitter and the New York Times demonstrate, the dispersed nature of the Internet -- a core trait that makes the Web so powerful -- also leaves it vulnerable to being hijacked.
All three incidents showed the fragility of the Domain Name System that computers rely on to find each other on the Internet, an issue security experts have grappled with for decades. Yet the attack that hit Google offers a particularly instructive lesson about how even large companies with big security budgets can lose control over their foreign sites.
Google, which was infiltrated in 2009 by hackers from China, now has 300 information-security professionals focused on protecting data, a figure approaching bank-like proportions. Jamie Dimon, CEO of JPMorgan Chase, the largest U.S. bank by assets, said in April that his bank has more than 600 employees dedicated to security.
Still, Google's security force couldn't stop hackers from breaking into a third-party service that manages Palestine's .ps domain, changing the IP address of google.ps and temporarily redirecting traffic to an anti-Israel page.
Jay Nancarrow, a spokesman for Google, declined to comment on the company’s security. Google's Palestine site itself wasn’t hacked and the company is talking with the domain manager to resolve the issue, he said.
Widely used domains such as .com and .net are operated by registrars such as VeriSign and NeuStar, which have security features that cost as little as $50 a year to prevent tampering with Web-address records. But many regional domains are managed by local companies that don't offer the same protections, said Paco Hope, a principal consultant with Cigital Inc., a cybersecurity consultancy.
In some places, only one company may be in charge of managing a country's domain, leaving customers such as Google vulnerable should employees at the local company get hacked, Hope said.
"The weakest link is always the human," he said.
The attacks on Twitter and the New York Times were made possible by a breach at Melbourne IT, an Australian Web-services provider where a reseller's account was compromised by a phishing e-mail. It's not known how Google's Palestine partner was hacked.
While none of the attacks caused lasting damage, they are a reminder that the machine that makes the Internet work is vast and varied. And the weakest link threatening a global brand may be these obscure, far-flung companies responsible for keeping these foreign sites online.