MENU

Turkish ISPs intercept Google DNS services to spy on Internet users

Close

The intricate weaving of technology has served us many things: easier, faster and accessible tools of communication; an overload of information; and a life that could also easily be spied on.

BGPMon, a Canada-based industry expert recognized for its network monitoring and routing security, disclosed on March 29 that it has been seeing numerous BGP hijacks every day, of which it included Google.

"It all started last weekend when the Turkish president ordered the censorship of twitter.com. This started with a block of twitter by returning false twitter IP addresses by Turk Telekom DNS servers. Soon users in Turkey discovered that changing DNS providers to Google DNS or OpenDNS was a good method of bypassing the censorship. 
But as of around 9am UTC today (Saturday March 29) this changed when Turk Telekom started to hijack the IP address for popular free and open DNS providers such as Google's 8.8.8.8, OpenDNS' 208.67.222.222 and Level3's 4.2.2.2.," the BGPMon writes.

Google confirms this in its blog post.

"We have received several credible reports and confirmed with our own research that Google's Domain Name System (DNS) service has been intercepted by most Turkish ISPs (Internet Service Providers)," the company states.

"The current situation is concerning and we don't see this type of hijacking for DNS network very much, the only note worthy exception is China where we've observed this several times before.  Not only is Turk Telekom hijacking the IP addresses of popular DNS servers, intercepting traffic, censoring websites at will, it also has easy access to all queries being sent to these servers which allows for easy logging and recording without users noticing," said Andree Toonk of BGPMon.

Recall that the decision of Turkey to block access to Twitter and popular websites has caused rage among its users and compelled its citizens to elude the ban by making use of Google's DNS. However, Google discovered that most Turkish Internet service providers have masqueraded as Google DNS, perhaps to spy on its users. This came a week after word went around claiming Turkey started to block Google DNS.

"A DNS server tells your computer the address of a server it's looking for, in the same way that you might look up a phone number in a phone book. Google operates DNS servers because we believe that you should be able to quickly and securely make your way to whatever host you're looking for, be it YouTube, Twitter, or any other," Google explains.

"But imagine if someone had changed out your phone book with another one, which looks pretty much the same as before, except that the listings for a few people showed the wrong phone number. That's essentially what's happened: Turkish ISPs have set up servers that masquerade as Google's DNS service," Google adds.

Turkey has been running after users or citizens attempting to avoid censorship efforts by the government, which has been caught in a corruption scandal. On March 21, the government started a clamp down on the Internet by blocking access to Twitter, claiming that the social networking site violated the privacy laws of the country.

On Thursday, banned next was YouTube for so-called national security reasons. The Turkish government said a conversation involving its foreign minister, armed forces' senior member and intelligence chief went public. The subject of the conversation was on the militants in neighboring Syria. However, the banning or blocking of these sites ironically happened ahead of the nationwide municipal elections on Sunday. Prime Minister Recep Erdoğan has been in the midst of the corruption scandal after alleged recordings of him telling his son to get rid of hide large sums of cash. He denied the authenticity of the transcript, saying it was a political work of his rival Fethullah Gulen, a cleric.

ⓒ 2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Real Time Analytics