China's #1 Search Engine Gets Defaced

Article by George Norman (Cybersecurity Editor)

on 12 Jan 2010

More bad news from China – after announcing that IMDb has been put behind the Great Firewall of China, we now hear that Baidu, the number one Chinese search engine, has been defaced by a group of hackers calling themselves the “Iranian Cyber Army.” Visitors to Baidu.com were greeted with an image showing Iran's national flag and the message “This site has been hacked by Iranian Cyber Army” (see image at the bottom).

If the name "Iranian Cyber Army" or the message "This site has been hacked by Iranian Cyber Army" rings a bell, it is because the same hackers managed to hijack Twitter’s DNS last month, redirecting traffic away from the popular micro-blogging site. Visitors to twitter.com were presented with an image that also said “This site has been hacked by Iranian Cyber Army”.

DNS, short for Domain Name System, converts readable site names like site.com into the numeric addresses (IP addresses) that the internet uses to direct users to a particular site. When a site's DNS records are changed, someone who types site.com is directed to anothersite.com instead of site.com, even though the web server behind site.com itself may be untouched.

“As a result of its huge popularity, it's no wonder that from time to time hackers might try and take advantage of the site, just as top websites can be in the frame for attack in the West. It's not presently clear whether Baidu's site itself was compromised or, as in the case with the Twitter attack, its DNS records. If the website's DNS records were breached then the hackers would have been able to redirect users who typed www.baidu.com into their browser to a webserver under their control,” commented Graham Cluley, Senior Technology with Sophos, a company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions.
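The distinction Cluley draws, a compromised web server versus altered DNS records, can be checked from the outside by comparing what resolvers return against a known-good baseline. The following is an added example, not part of the original article; `Snapshot` and `triage` are hypothetical names, and the name servers, addresses (documentation ranges) and page bodies are constructed sample data.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """One observation of a site: its DNS answers plus the page body served."""
    ns: frozenset   # authoritative name servers returned for the zone
    a: frozenset    # IPv4 addresses returned for the host name
    body: bytes     # home page bytes fetched from one of those addresses


def _norm(names):
    # DNS names are case-insensitive and may carry a trailing dot.
    return frozenset(n.lower().rstrip(".") for n in names)


def triage(baseline: Snapshot, seen: Snapshot) -> dict:
    """Classify a defacement report as DNS-level, server-level, or no change."""
    ns_added = _norm(seen.ns) - _norm(baseline.ns)
    a_added = frozenset(seen.a) - frozenset(baseline.a)
    # Assumption: the monitored page is static enough to compare by digest.
    body_changed = (hashlib.sha256(seen.body).digest()
                    != hashlib.sha256(baseline.body).digest())
    if ns_added or a_added:
        verdict = "dns-records-changed"    # users are being sent elsewhere
    elif body_changed:
        verdict = "site-content-changed"   # same servers, different page
    else:
        verdict = "no-change"
    return {"verdict": verdict,
            "unexpected_ns": sorted(ns_added),
            "unexpected_a": sorted(a_added)}


# Constructed sample observations (not real Baidu or Twitter data).
BASELINE = Snapshot(frozenset({"ns1.example.com", "ns2.example.com"}),
                    frozenset({"192.0.2.10"}), b"<title>Search</title>")
DNS_HIJACK = Snapshot(frozenset({"NS1.other-dns.example."}),
                      frozenset({"203.0.113.66"}), b"<title>defaced</title>")
SERVER_DEFACED = Snapshot(frozenset({"NS1.EXAMPLE.COM.", "ns2.example.com"}),
                          frozenset({"192.0.2.10"}), b"<title>defaced</title>")

if __name__ == "__main__":
    for label, snap in (("dns", DNS_HIJACK), ("server", SERVER_DEFACED)):
        print(label, triage(BASELINE, snap))
```

Sites that rotate addresses through a CDN need a baseline of allowed ranges rather than exact addresses, otherwise normal rotation is reported as a change.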

Everything was back to normal within about 2 hours of the attack. The attack on Baidu seems to be political and not financial. It is a reminder, though, that someone with a malicious exploit could have done the same but, instead of presenting a political message, could have served malware to Baidu visitors.

“Imagine how easy it might have been for the hackers to have created a cloned version of the main Baidu webpage complete with a silent invisible-to-the-naked-eye link to a software exploit or piece of malware,” added Cluley. “Attacks like this are a reminder to everyone that you always need to have security scanning every webpage you visit, even if it's an established legitimate website.”



