Baidu defaced by ICA after DNS hijacking
by Steve Ragan - Jan 12 2010, 23:25
The Iranian Cyber Army (ICA), not a month after attacking Twitter, has struck again, this time altering the DNS records of China’s largest search engine, Baidu.
For two to three hours, Baidu was altered to display the ICA markings, until administrators were able to reverse the changes.
Like the Twitter attack, the Baidu attack is political and offered no malicious payloads to those viewing the defacement. While the basics of how Twitter was compromised are all but public record, at this time there are only guesses as to how Baidu managed to get a face lift.
The crew at Praetorian Prefect noted that the defacement pointed the Baidu site to a server in Texas hosted by The Planet, and speculated that “…the changes were initially made at [the] .com level, most likely through Register.com to point the Baidu.com domain name to DNS servers controlled by the attackers.” [Praetorian Prefect]
Aside from the fact that Baidu has returned to normal, officials in China are keeping silent on the DNS hijacking.
It’s interesting to note that this is the second time a major site has been defaced for political reasons. Another interesting observation is that both defacements were the result of unauthorized access to DNS controls, and not of a flaw in the site’s code.
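The registrar-level change Praetorian Prefect describes, moving a domain's delegation to nameservers the attackers control, is something a domain owner can watch for from outside. As an added example (not code from the original article or from Praetorian Prefect), the Python check below compares an observed NS delegation and the addresses of those nameservers against a known-good baseline; the domain, records and networks are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Baseline:
    """Known-good delegation: expected NS names and the networks they may resolve into."""
    expected_ns: Set[str]
    allowed_nets: list  # ipaddress network objects


def parse_dig_short(output: str) -> List[str]:
    """Normalise `dig +short`-style output: strip whitespace and trailing dot, lower-case."""
    return [ln.strip().rstrip(".").lower() for ln in output.splitlines() if ln.strip()]


def check_delegation(baseline: Baseline, observed_ns: List[str],
                     ns_addresses: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means the delegation matches the baseline."""
    findings = []
    observed = set(observed_ns)
    for ns in sorted(observed - baseline.expected_ns):
        findings.append(f"unexpected nameserver in delegation: {ns}")
    for ns in sorted(baseline.expected_ns - observed):
        findings.append(f"expected nameserver missing from delegation: {ns}")
    for ns, addr in ns_addresses.items():
        # Nameservers outside the owner's networks match the Baidu pattern: delegation moved to attacker-run servers.
        if not any(ipaddress.ip_address(addr) in net for net in baseline.allowed_nets):
            findings.append(f"{ns} resolves to {addr}, outside the allowed networks")
    return findings


# Constructed baseline for a placeholder domain (RFC 5737 documentation addresses).
BASELINE = Baseline(expected_ns={"ns1.example.com", "ns2.example.com"},
                    allowed_nets=[ipaddress.ip_network("192.0.2.0/24")])

# Constructed `dig +short NS example.com` output and A lookups, first as
# expected and then as they might look during a registrar-level hijack.
NORMAL_NS = "ns1.example.com.\nns2.example.com.\n"
NORMAL_ADDRS = {"ns1.example.com": "192.0.2.10", "ns2.example.com": "192.0.2.11"}
HIJACKED_NS = "ns1.attacker-controlled.example.\nns2.attacker-controlled.example.\n"
HIJACKED_ADDRS = {"ns1.attacker-controlled.example": "198.51.100.7",
                  "ns2.attacker-controlled.example": "198.51.100.8"}


def run_check(dig_output: str, addresses: Dict[str, str]) -> List[str]:
    """Feed one observation (NS output plus per-NS addresses) through the check."""
    return check_delegation(BASELINE, parse_dig_short(dig_output), addresses)
```

Run `run_check` on each fresh observation (for example, on a cron schedule) and alert on any non-empty result.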
In the Twitter attack, while not confirmed by the micro-blogging service itself, the DNS hijacking took place because of a compromised email account used by a Twitter staffer. This account was used to order DNS changes from Twitter's DNS provider Dyn Inc.
Shortly after the Twitter DNS hijack, Dyn Inc. altered their authentication process, and removed the ability to request or reset passwords via email.
It is entirely possible that the Register.com account was compromised in some fashion, but Register.com will not discuss the matter. If so, this moves the discussion forward on the debate over access control within critical infrastructure.
Ten years ago, a username and password worked well enough to secure access to domain information or DNS records. Now there are calls for stronger methods of protection, including layered authentication.
We'll update this story as more information becomes available.