In an attack echoing the one that disrupted Twitter in December, Chinese search engine Baidu fell victim Jan. 12 to the “Iranian Cyber Army.”
For 3 hours today, the Iranian Cyber Army took down Baidu’s homepage and replaced it with a page showing the message, “This site has been hacked by Iranian Cyber Army” against a dark background and the flag of Iran.
According to an analysis by IT consulting company Praetorian Security Group, the IP address baidu.com pointed to temporarily routed to 126.96.36.199 in Houston when Praetorian pinged it, to a site hosted via ISP ThePlanet.com.
“The site normally shows hosts in Beijing, China, hosted by China Unicom,” said a post on the company’s blog. “It appeared last night that the defacement site was hosted at a couple of different places.”
In the Twitter attack Dec. 17, Iranian Cyber Army used a valid set of Twitter credentials to compromise DNS (Domain Name System) records. Praetorian speculated that the same thing happened here.
“If the Website’s DNS records were breached then the hackers would have been able to redirect users who typed www.baidu.com into their browser to a Web server under their control,” blogged Graham Cluley, senior technology consultant at Sophos.
Though the attack appears to have been politically motivated instead of financial, it would have been easy for hackers to create a cloned version of the main Baidu Web page with a software exploit or malware, Cluley said.
“Attacks like this are a reminder to everyone that you always need to have security scanning every Web page you visit, even if it’s an established legitimate Website,” he advised.