Google, Level 3 DNS services hijacked by TurkTelekom

Turkey's campaign to restrict access to sites such as YouTube and Twitter are continuing

Google said its free DNS (Domain Name System) service is being intercepted by most Turkish ISPs as the country battles users trying to circumvent censorship efforts by the government.

Also, an Internet monitoring firm said Sunday the DNS service from major communications company Level 3 had also been hijacked.

Turkey's government, embroiled in a corruption scandal, began clamping down on the Internet on March 21 by blocking access to Twitter. The government claimed Twitter violated the country's privacy laws.

YouTube was then blocked last Thursday for national security reasons. A conversation was published allegedly between Turkey's foreign minister, intelligence chief and a senior member of the armed forces concerning militants in neighboring Syria.

Both actions were taken just ahead of nationwide municipal elections held on Sunday.

Turkish ISPs have set up servers that "masquerade" as Google's DNS service, wrote Steven Carstensen, a Google software engineer.

"We have received several credible reports and confirmed with our own research that Google's Domain Name System (DNS) service has been intercepted by most Turkish ISPs," Carstensen wrote.

Internet users who don't want to rely on their ISP's DNS services can use Google's Public DNS. DNS servers translate domain names into IP addresses that can be called into a Web browser. Turkish Internet users turned to Google's Public DNS after the government imposed restrictions on the country's ISPs.

Internet monitoring firm Renesys said Sunday major internet provider Level 3's DNS service was also hijacked.

Turkish's national telecom provider, TurkTelekom, hijacked the DNS servers of both companies using the Border Gateway Protocol (BGP). Organizations and companies that run networks "announce" BGP routing, which is public information used in networking equipment to route traffic.

Occasionally, an organization will mistake and broadcast incorrect BGP information, inadvertently hijacking the traffic belonging to another network. But as in the cases of Google and Level 3, BGP changes can also be malicious.

People who try to use Google or Level 3 DNS services are "surreptitiously" redirected to alternate providers within TurkTelekom, wrote Earl Zmijewski, a vice president and general manager for Renesys, on a company blog.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

This story, "Google, Level 3 DNS services hijacked by TurkTelekom" was originally published by IDG News Service .

Join the discussion
Be the first to comment on this article. Our Commenting Policies