How Baidu Was Hacked. This is Borderline Unbelievable…
We were the first publication to report that Baidu, China’s most popular search engine, had been hacked.
The site’s DNS had been redirected, and had you visited the site from January 12th through to the 14th, you would have seen “Iranian Cyber Army” plastered all over it.
You can read full details of the event here.
Later, Baidu sued Register.com for allegedly allowing a security intrusion that enabled the hackers to change the site’s name servers. Today domainnamewire.com published the complaint documents of the case.
This is the part where it gets unbelievable. It transpires that the hacker, claiming to be an agent of Baidu, started an online chat with tech support at register.com and asked to change the email address on file for communication with Baidu. The register.com representative then sent the imposter a security code that he had to provide. Because he of course had no access to the Baidu account, he provided an incorrect code, but the register.com representative did not compare the code to the one that had been sent out.
The email address was then changed from an official baidu.com address to an address that clearly did not belong to Baidu: antiwahabi2008@gmail.com. It has “danger” written all over it, and, significantly, wahabi is the name of a Muslim sect. From then onwards, everything was easy for the hackers, and the DNS was changed.
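As an added example (not from the article, and not register.com’s code), the following Python sketch shows the check the support representative skipped: the code is sent only to the address already on file, is single-use, expires, and the value the requester supplies must match it before any contact change is applied. The account store, email addresses and helper names are assumptions made for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 600   # code is only valid for 10 minutes
MAX_ATTEMPTS = 3         # discard the pending change after three bad codes


@dataclass
class PendingChange:
    code: str
    issued_at: float
    attempts: int = 0


class ContactChangeVerifier:
    """Gate a contact-email change behind a one-time code sent to the email on file.
    accounts: hypothetical store mapping account name -> current contact email.
    send_email: callable(address, code), injected so the example runs offline."""

    def __init__(self, accounts, send_email, clock=time.time):
        self.accounts = accounts
        self.send_email = send_email
        self.clock = clock
        self.pending = {}

    def start_change(self, account):
        # The code goes only to the address already on file, never back to the requester.
        code = secrets.token_hex(4)
        self.pending[account] = PendingChange(code, self.clock())
        self.send_email(self.accounts[account], code)

    def confirm_change(self, account, supplied_code, new_email):
        pending = self.pending.get(account)
        if pending is None:
            return False, "no pending change"
        if self.clock() - pending.issued_at > CODE_TTL_SECONDS:
            del self.pending[account]
            return False, "code expired"
        pending.attempts += 1
        # The check the support rep skipped: the supplied code must match the issued one.
        if not hmac.compare_digest(pending.code.encode(), supplied_code.encode()):
            if pending.attempts >= MAX_ATTEMPTS:
                del self.pending[account]   # force a fresh code after repeated failures
            return False, "code mismatch"
        del self.pending[account]           # single use
        self.accounts[account] = new_email
        return True, "contact email updated"
```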
Shortly after, Baidu contacted register.com through an online chat, but register.com refused to help. Baidu tried to call register.com but was not able to reach anybody. It took a full 2 hours before Baidu was able to speak to anyone from the company and resolve the DNS issues, and almost two days before everything had returned to normal.
How on earth the hacker managed to convince this tech support person to change the email address, I’ll never understand. Baidu will have lost millions because of the outage, but if the details are correct, register.com are going to be left out of picking up the tab.
Wonder where that support employee is now.
Via Marc van der Chijs’s Blog.
Shit, that's quite unbelievable.
Wow. Pretty funny how one guy fooled this company and lost this one company tons of $.
Correct: you were not the first to report the hacking – it was all over Twitter way before your report.
jeez…So now a 140 character tweet is the same as an article?
Absolutely unreal, I am curious to know what register.com is doing to ensure that their representatives never let something like this happen again. It seems like common sense would have prevented anyone in that position from allowing this to happen but apparently not all of their representatives possess that basic skill.
Ahhh Social Engineering at its 'best'…
I know…sad isn't it…but true.
Dang, First Twitter, Facebook, Wordpress, and Blogspot. When will we be able to stop these guys? Not only that but they seem to always attack DNS except for the denial of service attack on twitter. I just hope for our sake it is not a group of people and just one hacker so we can shut them down.
Haha. Dumbass.
A case study reminder, people remain the weakest link in any security environment.
so if I get emails from taliban1982@hotmaill.com, I'm to ignore them then
The sad thing is, that for us mere mortals, register.com are going to make everything so painfully difficult and protracted.
Companies often forget that the biggest hole in their security is the people. Especially the people at the low end of the totem-pole. Even if security audits try to test these approaches, you'll never be able to think the way an attacker would.
antiwahab=antitaliban, therefore if you receive an email from the Taliban you can trust that they are not hackers :))