More Details on the Baidu Hack Emerge

Article by George Norman (Cybersecurity Editor)

on 13 Jan 2010

Yesterday we reported that China’s number one search engine had been hacked by a group of hackers calling themselves the Iranian Cyber Army. Visitors to Baidu.com were presented with an image of the Iranian flag and a message that read “This site has been hacked by Iranian Cyber Army.” Normal Baidu service was restored within a couple of hours, but no details on what exactly happened were released.

This was not the first time the Iranian Cyber Army defaced a popular site. Back in December the same Iranian army managed to hijack Twitter’s DNS (Domain Name System) and direct traffic away from the micro-blogging site and towards an image of the Iranian national flag and the same “This site has been hacked by Iranian Cyber Army” message.

DNS, for those who do not know, converts readable site names like site.com into the numeric addresses that the internet uses to direct users to a particular site. By changing a site's DNS records, an attacker can make sure that someone who types site.com is directed to anothersite.com instead of site.com. Since the Iranian Cyber Army used DNS hijacking when they attacked Twitter, it was believed that they used the same technique against Baidu. As it turns out, we weren’t wrong to believe this.

“Services on Baidu's main website www.baidu.com were interrupted today due to external manipulation of its DNS (Domain Name Server) in the U.S. Baidu has been resolving this issue and the majority of services have been restored,” Baidu spokesman Victor Tseng said in a statement.

According to Wang Zhantao, an expert with Beijing Rising International Software Co. Ltd, Baidu has an “almost perfect inner security system” but DNS security is the responsibility of domain name registrars. By successfully social engineering the domain registrant, a Baidu employee with access to the control panel, the Iranian Cyber Army managed to direct traffic away from Baidu.com and towards the site of its choice.
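The check below is an added example, not part of the original article: it compares what a resolver returns for a domain against a pinned baseline of expected nameservers and address ranges, which is how a change made at the registrar level, as described above, becomes visible to a defender. The domain, nameserver names, addresses and timestamps are constructed sample data.

```python
import ipaddress

# Constructed baseline: the delegation and address space the domain owner expects.
BASELINE = {
    "example.com": {
        "ns": {"ns1.example.net", "ns2.example.net"},
        "networks": [ipaddress.ip_network("192.0.2.0/24")],
    }
}

# Constructed observations, as a periodic resolver check might record them.
OBSERVATIONS = [
    {"time": "00:00", "domain": "example.com",
     "ns": ["NS1.example.net.", "ns2.example.net."], "a": ["192.0.2.10"]},
    {"time": "01:00", "domain": "example.com",
     "ns": ["ns1.other-host.example.", "ns2.other-host.example."], "a": ["203.0.113.7"]},
    {"time": "04:00", "domain": "example.com",
     "ns": ["ns1.example.net.", "ns2.example.net."], "a": ["192.0.2.10"]},
]

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def check(observation, baseline=BASELINE):
    """Return findings for one observation; an empty list means it matches the baseline."""
    expected = baseline.get(normalize(observation["domain"]))
    if expected is None:
        return ["no baseline for domain"]
    findings = []
    unexpected_ns = {normalize(n) for n in observation["ns"]} - expected["ns"]
    if unexpected_ns:
        findings.append("unexpected nameservers: " + ", ".join(sorted(unexpected_ns)))
    for addr in observation["a"]:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in expected["networks"]):
            findings.append("address outside expected networks: " + addr)
    return findings

def scan(observations=OBSERVATIONS):
    """Map observation time to findings, keeping only observations that drifted."""
    return {o["time"]: f for o in observations if (f := check(o))}

if __name__ == "__main__":
    for when, findings in scan().items():
        print(when, "; ".join(findings))
```

Only the middle observation is reported; the first one passes despite the upper-case name and trailing dots because names are normalized before comparison.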

Attacking Twitter left some mumbling with discontent, but no retaliation ensued. Well, when you attack China’s biggest search engine you are going to ruffle a few feathers, for example those of the highly developed collectivist hacking community Honker Union for China. The Chinese hackers have started to deface Iranian sites as retaliation for the Baidu DNS hijacking. The Honker Union for China says the retaliation is meant to “let the world hear the voice of China” and “defend the country’s dignity across the world”.
