Google, Level 3 DNS services hijacked by TurkTelekom

Turkey's campaign to restrict access to sites such as YouTube and Twitter are continuing

Google said its free DNS (Domain Name System) service is being intercepted by most Turkish ISPs as the country battles users trying to circumvent censorship efforts by the government.

Also, an Internet monitoring firm said Sunday the DNS service from major communications company Level 3 had also been hijacked.

Turkey's government, embroiled in a corruption scandal, began clamping down on the Internet on March 21 by blocking access to Twitter. The government claimed Twitter violated the country's privacy laws.

YouTube was then blocked last Thursday for national security reasons. A conversation was published allegedly between Turkey's foreign minister, intelligence chief and a senior member of the armed forces concerning militants in neighboring Syria.

Both actions were taken just ahead of nationwide municipal elections held on Sunday.

Turkish ISPs have set up servers that "masquerade" as Google's DNS service, wrote Steven Carstensen, a Google software engineer.

"We have received several credible reports and confirmed with our own research that Google's Domain Name System (DNS) service has been intercepted by most Turkish ISPs," Carstensen wrote.

Internet users who don't want to rely on their ISP's DNS services can use Google's Public DNS. DNS servers translate domain names into IP addresses that can be called into a Web browser. Turkish Internet users turned to Google's Public DNS after the government imposed restrictions on the country's ISPs.

Internet monitoring firm Renesys said Sunday major internet provider Level 3's DNS service was also hijacked.

Turkish's national telecom provider, TurkTelekom, hijacked the DNS servers of both companies using the Border Gateway Protocol (BGP). Organizations and companies that run networks "announce" BGP routing, which is public information used in networking equipment to route traffic.

Occasionally, an organization will mistake and broadcast incorrect BGP information, inadvertently hijacking the traffic belonging to another network. But as in the cases of Google and Level 3, BGP changes can also be malicious.

People who try to use Google or Level 3 DNS services are "surreptitiously" redirected to alternate providers within TurkTelekom, wrote Earl Zmijewski, a vice president and general manager for Renesys, on a company blog.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Tags Googlesecurity

More about GatewayGatewayGoogle

1 Comment



TurkTelekom's hijacking of Google is just a recent glimpse of the result of the Prime Minister's tireless efforts to constrict communication throughout the country as he carries on with his corrupt and shamless political agenda. Protecting the interests of Islamic conservatives, Tayyip evidently has no intention of implementing any practices of a fair democracy, especially in the upcoming elections, which have already shown solid evidence of blatent and violent rigging, signs of cold corruption. Although stripping access rights to Twitter, YouTube, Facebook, and now Google have caused national protest and global concern that Turkey is headed on a path of isolation to secure Tayyips dictatorship for upcoming years, political actors must encourage Tayyip to admit his pathetic war on social networks-hiding behind religious conservatism and refusing to step down as the soar loser that he will always be.

Comments are now closed

UPDATED: Which NBN plan is best?

MORE IN Networking