IT security and data protection firm, Sophos, has reminded websites to properly secure their systems following the overnight attack against Baidu.com, China's number one website. The hackers displayed a message from the “Iranian Cyber Army” on the search engine giant's home page.
Earlier today, visitors to Baidu.com's site were greeted with the message – “This site has been hacked by Iranian Cyber Army” – alongside a picture of the national flag of Iran. The attack appears to be by the same group who posted similar messages on Twitter's website in December, inconveniencing millions of micro-bloggers.
“In China, Baidu outranks Google as the search engine of choice, receiving many millions of visits every day. That makes it an extremely attractive target for cybercriminals. Anyone who manages to breach its security has the potential to make a big impact,” said Graham Cluley, senior technology consultant at Sophos. “Chinese surfers should be breathing a great sigh of relief that the hackers didn't exploit this opportunity to infect computers, and instead engaged in what appears to be political graffiti. Questions will be asked, however, as to how this high profile hack was possible.”
Speculation is mounting that Baidu's web servers weren't actually hacked themselves, but instead its DNS records were compromised. This was how Twitter was struck by the Iranian Cyber Army last month.
“DNS records work like a telephone book, converting human-readable website names like baidu.com into a sequence of numbers understandable by the internet,” explained Cluley. “It's possible that someone changed the lookup, meaning whenever surfers entered baidu.com into their browsers they were instead taken to a website that wasn't under the search engine's control. If that third party website had contained malware then millions of computers could have been infected and identities stolen. Attacks like this are a reminder to everyone that you always need to have security scanning every webpage you visit, even if it's a well-known legitimate website.”