Here's how Google Palestine was hacked; local root server confirms repair

Read In

As other outlets are reporting,, Google's landing page was hacked yesterday, to protest the naming conventions on Google Maps. Four hackers named Cold z3ro, Haml3t, Sas, and Dr@g took responsibility, naming themselves as members of Hackteach, a Palestinian website that features tech news and hacker forums. 

Hackteach, whose site title in Arabic (شبكة غضب فلسطين) loosely translates as "Network of the rage of Palestine," reported on the hacking, posting two videos simply showing the doctored page.

Google insisted that its servers were not breached; a Google spokeperson informed both the Washington Post and The Next Web

"Some users visiting have been getting redirected to a different website; Google services for the domain were not hacked. We’re in contact with the organization responsible for managing this domain name so we can help resolve the problem."

Anas Anbtawi, a member of the local Palestinian geek community who looked into the hack, confirmed that Google itself was not breached, but rather, the hack was simply a DNS hijack. Meaning: hackers didn't reach Google's servers, but simply tapped into, (the Palestinian National Internet Naming Authority), the root Domain Name Server (DNS) for all local DNSs in Palestine. The hackers were then able to redirect traffic from to an IP in Romania, which then connected to a site in Latvia.

Another re-routing went through an IP in Morocco that was hosted by Genious Communications, a Casablanca-based web hosting startup that has bootstrapped its way to local success

PNINA confirmed the hack to other local members of the Palestinian tech community today. One member wrote:

"PNINA confirms that it has been targeted by a hacking attempt that resulted in changing the DNS records for and a couple of other domains by a hacker with registered IP from Morocco.

PNINA restored the original data within a short period of time and we are analysing the accident in order to take the necessary measures to ensure the safety and reliability of our systems.

All the (.PS) authoritative name servers have the correct data and in full synchronisation of the ccTLD master records. Some of the name servers kept the old/falsified records for some time until the data is refreshed from their caches. 

A full report with all details and remedy actions will be issued shortly.

Have a good and safe night."

This isn't the first time a hack like this has happened; this April, a Bangladeshi hacker claimed responsibility for hacking, Google's Kenya landing page. The hacker also re-routed Google's traffic using servers in Latvia, Morocco, and Uganda. 

The Peeks community on Facebook, Palestine's biggest grassroots tech community, with over 3,000 members, mostly shrugged off the hack. Several wondered why a pro-Palestinian hacker would only target a Palestinian site, while others cautioned users against going to the site in case malware was present. 

"Just to be in the safe side, use a trusted DNS," said a former employee of Paltel, one of Palestine's two major telecom networks. 

"Good intention, but misguided execution," posted Ahmad Al-Najjar, a senior data consultant at Data Strategy, an IT consulting company based in Michigan.

The fact that the hack only penetrated the root Palestinian DNS explains why they didn't go after any other regional root DNSs, says Anbtawi. "If they were good hackers, as they claimed, why did they only attack"

Read In

Media categories


Related Articles