Security is an illusion, and Sanmay Ved has made a perfect proof of concept of why it is an illusion. Sanmay Ved owned and controlled the Google.com domain for a whole minute, and he got the domain by simply following legal steps to obtain it.
Yes – he purchased it via the Google Domains service (how ironic is that, right?!). He was able to purchase the domain for only 12 dollars, and has published all the notifications and steps on his blog so you can see it with your own eyes.
Now here comes the part that troubles me. Google.com is massively visited, and just imagine what could have happened if an Exploit Kit had been running on that domain. Millions of devices would have ended up infected within that minute. It is still not clear how Sanmay Ved was able to purchase the domain.
Did Google simply forget to extend the domain registration of Google.com?!
Now here comes the second part, which I wonder about. What would have happened if an Exploit Kit had been hosted on the Google.com domain?! Would the C&C server(s) be able to operate all those zombies instantly?! That would be the mother of Botnets!
So, are you technical, and do you have an idea of what would be needed to control such a botnet? Then please do not hesitate to share your info in a comment below!