We were the first publication to report that Baidu, China’s most popular search engine, had been hacked.
The site’s DNS had been redirected and had you visited the site on January 12th through to the 14th, you would have seen “Iranian Cyber Army” plastered all over it(right).
You can read full details of the event here.
Later, Baidu sued Register.com for allegedly allowing a security intrusion that enabled the hackers to change the sites name servers. Today domainnamewire.com published the complaint documents of the case.
This is the part where it gets unbelievable. It transpires that the hacker, claiming to be an agent of Baidu, started an online chat with tech support at register.com and asked to change the email address on file for communication with Baidu. The representative of register.com then sent the imposter a security code that he had to provide. Because he of course had no access to the Baidu account he provided an incorrect code, but the register.com person did not compare the code to the one that was sent out.
Then the email address was changed from an official baidu.com address to an address that clearly did not belong to Baidu: firstname.lastname@example.org. It has “danger” written all over it and significantly, wahabi is the name of a Muslim sect. From then onwards, everything was easy for the hackers and the DNS was changed.
Shortly after, Baidu contacted register.com through an online chat, but register.com refused to help. Baidu tried to call register.com but was not able to reach anybody. It took a full 2 hours before Baidu was able to speak to anyone from the company and resolve the DNS issues, and almost two days before everything had returned to normal.
How on earth the hacker managed to convince this tech support person to change the email address, I’ll never understand. Baidu will have lost millions because of the outage, but if the details are correct, register.com are going to be left out of picking up the tab.
Wonder where that support employee is now.
Via Marc van der Chijs’s Blog.