Group Behind Twitter Hack Takes Down China’s Largest Search Engine

Last month, Twitter was hacked and defaced by a group calling itself the “Iranian Cyber Army”. Now the same group has set its sights on China’s largest search engine, Baidu. Early this morning (Beijing time), Baidu was inaccessible in every city and province in China, as well as in other countries around the world. Instead of the usual Baidu search page, Internet users were shocked to find a message reading “This site has been hacked by Iranian Cyber Army”, complete with an Iranian flag and a shattered Star of David. Below it, a sentence in Farsi read, “In reaction to the US authorities’ intervention in Iran’s internal affairs. This is a warning.”

According to security experts in China, Baidu’s DNS records appear to have been tampered with. The records were changed several times through a backdoor at Register.com (the company that hosts Baidu.com’s domain records). Here’s exactly what happened.

At 9 a.m., Baidu’s Name Server record was switched to YNS1.YAHOO.COM and YNS2.YAHOO.COM by hackers. Yahoo noticed that and set up a reverse proxy for Baidu.

At 10 a.m., Baidu’s Name Server was modified again, this time to NS2303.HOSTGATOR.COM and NS2304.HOSTGATOR.COM, and pointed to 127.0.0.1, which made Baidu.com and all of its sub-domains completely inaccessible. Baidu engineers, desperate to restore the site, and the Iranian Cyber Army were locked in a “tug-of-war”.

At 11 a.m., Baidu’s DNS was changed back to DNS010.D.REGISTER.COM, DNS050.C.REGISTER.COM, DNS190.B.REGISTER.COM and DNS204.A.REGISTER.COM.

At 12 p.m., the Chinese search engine juggernaut won the three-hour-long battle after changing the DNS records back to DNS.BAIDU.COM, NS2.BAIDU.COM, NS3.BAIDU.COM, NS4.BAIDU.COM.
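The timeline above is what a registrar-level delegation change looks like from the outside: the apex NS set drifts away from the owner’s nameservers and, at one point, the apex resolves to loopback. The following defender-side check is an added example, not code from the article or from Baidu; the hourly snapshots are constructed from the hours and nameserver names given above, and 203.0.113.10 is a documentation address standing in for the real site address.

```python
import ipaddress

# Delegation the domain owner expects; taken from the article's final restored state.
EXPECTED_NS = {"dns.baidu.com", "ns2.baidu.com", "ns3.baidu.com", "ns4.baidu.com"}

# Constructed hourly snapshots (time, observed apex NS set, address the apex resolved to),
# following the article's timeline. Not real telemetry; 203.0.113.10 is a placeholder.
OBSERVATIONS = [
    ("09:00", {"YNS1.YAHOO.COM.", "YNS2.YAHOO.COM."}, "203.0.113.10"),
    ("10:00", {"NS2303.HOSTGATOR.COM", "NS2304.HOSTGATOR.COM"}, "127.0.0.1"),
    ("11:00", {"DNS010.D.REGISTER.COM", "DNS050.C.REGISTER.COM",
               "DNS190.B.REGISTER.COM", "DNS204.A.REGISTER.COM"}, "203.0.113.10"),
    ("12:00", {"dns.baidu.com", "ns2.baidu.com", "ns3.baidu.com", "ns4.baidu.com"}, "203.0.113.10"),
]

# Address ranges a public site's apex should never resolve to; an answer here means a blackhole.
BLACKHOLE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot; compare canonically."""
    return name.rstrip(".").lower()


def check_delegation(observed: set, expected: set = EXPECTED_NS) -> dict:
    """Compare the observed NS set with the owner's allowlist.
    Names outside the allowlist mean the delegation was changed outside the owner's
    control (here, at the registrar); missing names mean an incomplete restore."""
    obs = {normalize(n) for n in observed}
    exp = {normalize(n) for n in expected}
    return {"ok": obs == exp, "unexpected": sorted(obs - exp), "missing": sorted(exp - obs)}


def apex_address_ok(ip: str) -> bool:
    """True unless the apex resolves into loopback, unspecified, RFC 1918 or link-local space."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in BLACKHOLE_NETS)


def audit(observations=OBSERVATIONS, expected=EXPECTED_NS) -> list:
    """Return one (time, reason, details) alert per deviation, in timeline order."""
    alerts = []
    for when, ns_set, apex_ip in observations:
        result = check_delegation(ns_set, expected)
        if not result["ok"]:
            alerts.append((when, "ns_drift", result["unexpected"]))
        if not apex_address_ok(apex_ip):
            alerts.append((when, "apex_blackhole", [apex_ip]))
    return alerts


if __name__ == "__main__":
    for alert in audit():
        print(alert)
```

Run against the constructed snapshots, the audit raises drift alerts for 9, 10 and 11 a.m. plus a blackhole alert for the 10 a.m. 127.0.0.1 answer, and goes quiet once the noon restore matches the allowlist.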

During the downtime, millions of Chinese Internet users flocked to Google instead. According to sources, traffic to Google.cn during that time increased drastically by 30%.

This was the same technique the Iranian Cyber Army used against Twitter a few weeks ago. The main reason Twitter was targeted by the Iranian Cyber Army was that the micro-blogging platform had been unwittingly drawn into Iranian politics. When Iran’s disputed presidential election spiraled into bloody protests, the opposition used Twitter and other social networking sites to inform the world. Twitter was even asked by the U.S. State Department to postpone a planned maintenance shutdown, and this angered the people behind the Iranian Cyber Army.

However, it is unclear why the same hackers decided to take down China’s Baidu. Some sources claim it may be related to Iran’s nuclear ambitions. Meanwhile, the Chinese media reported that security experts could not determine the motive behind the DNS hijack.