The group that took down Twitter.com last month has apparently claimed another victim: China's largest search engine Baidu.com.
Baidu.com was offline late Monday, but at one point it displayed an image saying “This site has been hacked by Iranian Cyber Army,” according to a report in the official newspaper of the Chinese Communist Party and other Web sites.
A Baidu representative confirmed services on the site had been interrupted by “external manipulation” of its domain name server in the U.S. The company has restored the majority of services, the representative said half a day after the disruption. With more than half of China’s Internet search market, Baidu is by far China’s most-used search engine.
Not much is known about the Iranian Cyber Army, which first gained notoriety with its December 18 Twitter attack. Hacking groups such as this are constantly defacing Web sites, but it is extremely rare for them to take down a site as widely used as Twitter or Baidu.com.
Security experts were quick to point to Baidu’s domain name records as the focus of the hack. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the Baidu.com nameservers the company normally uses. “It looks like their domain account credentials may have been snagged,” said Paul Ferguson, a researcher with the antivirus vendor Trend Micro.
That’s the same technique that was used to hijack Twitter, when Iranian Cyber Army hackers were apparently able to log in to the account used to manage Twitter’s DNS records and redirect visitors to another Web server that posted a message similar to the one spotted on Baidu.com. That attack knocked Twitter offline for more than an hour.
Baidu’s domain name registrar, Register.com, could not be reached immediately for comment.
Owen Fletcher of IDG News Service in Beijing contributed to this story.