DNS records hijacked

Jan 12, 2010 09:45 GMT

The most popular Web search engine in China, Baidu.com, was attacked by a group of hacktivists identifying themselves as the Iranian Cyber Army. The hackers hijacked the domain's DNS records so that baidu.com resolved to a server under their control.

Baidu is a Chinese search engine established in 2000. According to the Alexa traffic ranking, the website is currently number one in China and eighth in the world. Additionally, Baidu.com dominates the search engine market in the country with a share of over 77 percent.

The attack against the search engine occurred yesterday, when for about three hours its main page displayed the image of the Iranian flag and a message reading "THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY." Additional text in Persian translates roughly as "The Iranian Cyber Army has been established in protest to foreign countries and Zionists interfering in the domestic affairs of our country and broadcasting false news."

The Iranian Cyber Army is the same group of hacktivists who managed to deface Twitter last month. In that case, it was revealed that attackers obtained unauthorized access to the domain's administration panel using a set of compromised credentials and altered the DNS records.

A similar technique apparently led to this latest incident. Security researchers from Praetorian Security Group, a managed security services provider, report that for the duration of the attack baidu.com pointed to an IP in the address space of ThePlanet, a U.S. Internet service provider. Baidu Inc., headquartered in Beijing, normally hosts its website and its more than 50 services with China Unicom, a large Chinese telecommunications operator, so the domain suddenly resolving into a different provider's network was the visible symptom of the altered records.
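The detail that matters for defenders is that a registrar-side hijack of this kind does not touch the victim's servers at all; the only externally observable change is that the domain resolves into address space the operator does not use. The following script is an added example, not code from the original article or from Baidu, Praetorian or Sophos: it compares the addresses a domain resolves to against the CIDR prefixes the site is expected to be hosted in and raises an alert for anything outside them. The prefixes and answers in the demo are constructed from the RFC 5737 / RFC 3849 documentation ranges and stand in for the real China Unicom and ThePlanet allocations, which the article does not give.

```python
"""Flag a DNS hijack by checking resolved addresses against expected hosting prefixes.

Added example; not part of the original article. All prefixes and answers below
are constructed placeholders from the documentation address ranges.
"""
import ipaddress
import socket


def resolve_a(domain):
    """Live lookup through the system resolver (stdlib only).

    Not called by the offline demo below; plug it in as the source of
    `addresses` when running this against a real zone.
    """
    infos = socket.getaddrinfo(domain, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify_addresses(addresses, expected_prefixes):
    """Split resolved addresses into those inside and outside the expected prefixes.

    Returns (expected, unexpected) as sorted lists of address strings. Both
    IPv4 and IPv6 are handled; an address is only ever matched against
    prefixes of its own family. A malformed address or prefix raises
    ValueError instead of being skipped, because a silently ignored entry in
    the allow-list would mask exactly the redirect this check exists to catch.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in expected_prefixes]
    expected, unexpected = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        (expected if any(ip in n for n in nets) else unexpected).append(addr)
    return sorted(expected), sorted(unexpected)


def hijack_suspected(addresses, expected_prefixes):
    """True when any resolved address lies outside the operator's address space.

    A partial result (some expected, some not) is still an alert: during a
    hijack, resolvers that have not yet expired the old records keep answering
    with the legitimate addresses while others already return the attacker's.
    """
    _, unexpected = classify_addresses(addresses, expected_prefixes)
    return bool(unexpected)


# Constructed demo data (documentation ranges), standing in for the real
# hosting prefixes and for the answers a resolver would have returned.
HOSTING_PREFIXES = ["192.0.2.0/24", "2001:db8:1::/48"]
NORMAL_ANSWER = ["192.0.2.10", "192.0.2.11"]
HIJACKED_ANSWER = ["203.0.113.7"]                 # address in another provider's space
MIXED_ANSWER = ["192.0.2.10", "203.0.113.7"]      # caches partially expired

if __name__ == "__main__":
    for label, answer in (("normal", NORMAL_ANSWER),
                          ("hijacked", HIJACKED_ANSWER),
                          ("mixed", MIXED_ANSWER)):
        ok, bad = classify_addresses(answer, HOSTING_PREFIXES)
        print(f"{label}: expected={ok} unexpected={bad} "
              f"alert={hijack_suspected(answer, HOSTING_PREFIXES)}")
```

Because the records are changed at the registrar, the check is most useful when the same domain is resolved through several independent recursive resolvers rather than only the local one: a cache that still holds the old answer will report nothing wrong for the remainder of its TTL, while a freshly populated cache already returns the attacker's address.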

It is still unclear why the hackers targeted Baidu, other than to attract attention to their political statements. So far, China has neither openly supported nor condemned Iran's nuclear program. Regardless of that, Sophos' Senior Technology Consultant, Graham Cluley, points out that this attack could have turned out much worse. "Imagine how easy it might have been for the hackers to have created a cloned version of the main Baidu webpage complete with a silent invisible-to-the-naked-eye link to a software exploit or piece of malware," he writes.

Images: "Baidu.com domain hijacked by hacktivists" and "Defacement of Baidu.com website".