Twitter hack group hits Baidu.com
Chinese search engine giant in DNS hijack drama
The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.
Surfers visiting the Baidu site on Monday night were confronted by the message "This site has been hacked by Iranian Cyber Army", together with an image of the Iranian flag. Early speculation suggests the attack involved changing Baidu's DNS records rather than a direct attack on the site itself, but this remains unconfirmed.
The attack might have been used to point the millions of Chinese users who use Baidu every day towards a site that took advantage of browser exploits to infect computer users with malware. So it's perhaps fortunate that the Baidu hack involved only political graffiti.
By Tuesday morning, Baidu's site had been cleaned up. Screenshots of the hack, with further commentary on the attack, can be found in a blog entry by Sophos. ®
Oops. Big time.
I suspect that they may have bitten off more than they can chew this time.
The Iranian Cyber Army, soon coming to a plasticised body parts exhibition near you.
DNS hijacking in various forms has been long known to be perfectly feasible, but actually doing it now means a good solid panic frenzy, more "security researchers" shouting for a DNSsec, resulting in exactly that: a signed root with the USoA sitting on the keys. The USoA government taking a step back in name (only) doesn't change that they still have far too much influence for any other ccTLD owner to feel comfortable about that. So if this is a DNS hijack, then oh the irony to have self-professed Iranians do it to a Chinese site.