The group that took down Twitter.com last month has apparently claimed another victim: China’s largest search engine Baidu.com.
Baidu.com was offline late Monday, but at one point it displayed an image saying “This site has been hacked by Iranian Cyber Army,” according to a report in the official newspaper of the Chinese Communist Party and other Web sites.
With more than half of China’s Internet search market, Baidu is by far China’s most-used search engine. The company could not immediately be reached for comment.
Not much is known about the Iranian Cyber Army, which first gained notoriety with its December 18 Twitter attack. Hacking groups such as this are constantly defacing Web sites, but it is extremely rare for them to take down a site as widely used as Twitter or Baidu.com.
According to security experts, Baidu’s domain name records appear to have been tampered with. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the Baidu.com nameservers the company normally uses. “It looks like their domain account credentials may have been snagged,” said Paul Ferguson, a researcher with the antivirus vendor Trend Micro.
That’s the same technique that was used to hijack Twitter, when Iranian Cyber Army hackers were apparently able to log in to the account used to manage Twitter’s DNS records and redirect visitors to another Web server that posted a message similar to the one spotted on Baidu.com. That attack knocked Twitter offline for more than an hour.
Baidu’s domain name registrar, Register.com, could not be reached immediately for comment.
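An added example, not part of the original report: a defender-side check for the kind of nameserver change described above, where a domain's NS records stop pointing at the nameservers its owner normally uses. The zone names, the dig-style sample lines and the function names are all constructed for illustration.

```python
import re

# Constructed sample of dig-style NS answer lines (placeholder names, not real data).
OBSERVED = """\
example-search.test.  86400  IN  NS  ns1.other-host.test.
example-search.test.  86400  IN  NS  NS2.Other-Host.test.
; comment lines and other record types are ignored
example-search.test.  300    IN  A   192.0.2.10
"""

NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)

def parse_ns(text):
    """Return {zone: set of nameserver names}, lowercased, no trailing dot."""
    zones = {}
    for raw in text.splitlines():
        m = NS_LINE.match(raw.split(";", 1)[0].strip())
        if m:
            owner, ns = (g.rstrip(".").lower() for g in m.groups())
            zones.setdefault(owner, set()).add(ns)
    return zones

def under(name, suffix):
    """True only on a label boundary, so 'xexample.test' never matches 'example.test'."""
    return name == suffix or name.endswith("." + suffix)

def check_delegation(zone, observed, allowed_suffixes):
    """Classify a zone's observed NS set against the suffixes its owner expects."""
    ns_set = observed.get(zone, set())
    unexpected = sorted(n for n in ns_set
                        if not any(under(n, s) for s in allowed_suffixes))
    if not ns_set:
        status = "no_ns_records"
    elif len(unexpected) == len(ns_set):
        status = "delegation_replaced"   # every nameserver is foreign
    elif unexpected:
        status = "delegation_partially_changed"
    else:
        status = "ok"
    return {"zone": zone, "status": status, "unexpected": unexpected}

if __name__ == "__main__":
    print(check_delegation("example-search.test", parse_ns(OBSERVED),
                           ["example-search.test"]))
```

Run on a schedule against the NS answers for each monitored domain, a `delegation_replaced` result is the signal to check the registrar account before visitors start reporting a defacement.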
Baidu is suddenly unavailable, with sources all over China confirming this.
It seems that China’s most popular search engine, with a market share of over 77%, has been hacked by Iranian hackers.
At present, the website is unavailable, but we have found a screenshot from Twitter user Budi Putra.
It seems that the website has had its DNS hacked by the “Iranian Cyber Army”, the same guys that hacked Twitter a few weeks ago. The process, called DNS cache poisoning, is the corruption of an Internet server’s domain name system (DNS) table by replacing an Internet address with that of another, rogue address, in this case what the Iranian Cyber Army wants you to see.
Exactly why the Iranian Cyber Army has decided to target Baidu.com is unknown, but sources say it might be in relation to Iran’s nuclear ambitions, although no one is certain.