You are using these words, but I don't think you know what they mean.
The SOA record is almost irrelevant in this case, unless you are seeing some trickery where they set high TTLs or something to keep the "hack" around longer after it has been corrected.
There is only one root (which is kinda what makes it a root) - and in this case the root servers are doing their job just fine. DNS is hardly even involved. As far as I can tell this was simply a compromise of the web UI that allows for the management of domains under the .ps ccTLD. Probably just another sloppy front end developer.
Forgive me, it has been several years since I dealt with DNS authority, however it still does not change the argument that it was not google who was 'hacked'...the title of this post is just blatantly wrong.