Google Morocco hacked?!

04

May 2010

ggo.ma

Hackers are hard at work at the moment! After the hacking of Salma Hayek’s email inbox and one of Twitter’s employees which revealed the Twitter admin user interface, it is now Google’s turn to be the target of an other hacking group called PAKbugs Crew

Here is the page you will see when you visit the Google Moroccan search home page (google.co.ma):

ma00

It seems they are using a DNS hijacking method, which redirects the IP 74.125.77.104 to 174.37.141.242 which was made possible not by hacking Google directly, but OpenDNS.

[UPDATE] In fact, it seems that the hacking is only happening on nic.ma, which led to the issue when all dns servers updated their dns list. The problem is not only limited to OpenDNS which updated its database but now all DNS servers seem affected.

A Whois query on google.co.ma returned the following results:

ns1.apnihost.net 174.37.141.242 US ns1.apnihost.net 174.37.141.242 US
ns2.apnihost.net 174.37.141.124 US ns2.apnihost.net 174.37.141.124 US

Administrative Contact : Email mr@lonely420.hotmail.com Administrative Contact: Email mr@lonely420.hotmail.com

google_hacked11

ma5

ma6

ma7

Tracert from France

ma8

Tracert from Morocco using OpenDNS

ma9

ma10

ma3

ma11

ma12

ma13

ma2

ma4

(Thanks to @Idris for the info and updates!)

Your opinion:
2WANT! 0NEED 0AMAZING 0SUCKS 0FAKE