Baidu's domain name records appear to have been tampered with, experts say by Robert McMillan
The group that took down Twitter.com last month has apparently claimed another victim: China's largest search engine Baidu.com.
Baidu.com was offline late Monday, but at one point it displayed an image saying "This site has been hacked by Iranian Cyber Army," according to a report in the official newspaper of the Chinese Communist Party and other Web sites.
With more than half of China's Internet search market, Baidu is by far China's most-used search engine. The company could not immediately be reached for comment.
Not much is known about the Iranian Cyber Army, which first gained notoriety with its December 18 Twitter attack. Hacking groups such as this are constantly defacing Web sites, but it is extremely rare for them to take down a site as widely used as Twitter or Baidu.com.
According to security experts, Baidu's domain name records appear to have been tampered with. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the Baidu.com nameservers the company normally uses. "It looks like their domain account credentials may have been snagged," said Paul Ferguson, a researcher with the antivirus vendor Trend Micro.
That's the same technique that was used to hijack Twitter, when Iranian Cyber Army hackers were apparently able to log in to the account used to manage Twitter's DNS records and redirect visitors to another Web server that posted a message similar to the one spotted on Baidu.com. That attack knocked Twitter offline for more than an hour.
Baidu's domain name registrar, Register.com, could not be reached immediately for comment.
Owen Fletcher in Beijing contributed to this story.
No comments:
Post a Comment