in

Details of how Baidu was hacked

On January 12 this year China’s leading search engine Baidu was hacked and showed the message “This site has been hacked by the Iranian Cyber Army”. Nobody knew what happened, but domainnamewire.com now published the  complaint documents (pdf) of a case in which Baidu sues register.com because of the hack.

It turns out that register.com made some major mistakes that led to this hack. An unauthorized person claiming to be an agent of Baidu started an online chat with tech support at register.com and asked to change the email address on file for communication with Baidu. The representative of register.com then sent the imposter a security code that he had to provide. Because he of course had no access to the Baidu account he provided an incorrect code, but the register.com person did not compare the code to the one that was sent out.

Then the email address was changed from an official baidu.com address to an address that clearly does not belong to Baidu: antiwahabi2008@gmail.com. Note that wahabi is the name of a Muslim sect, and that gmail is of course owned by Baidu-competitor Google. From then on it was easy because with this address the password could be reset and the DNS could be changed.

Shortly after that Baidu contacted register.com through an online chat, but register.com refused to help them! Baidu tried to call register.com but was not able to reach anybody. It took a full 2 hours after Baidu started to contact them before register.com started to to take action to help Baidu!

An amazing story because is shows that ignorant irresponsible people are always the weakest link. Baidu lost millions of dollars because of the outage (that lasted up to 2 days) and this was not particularly good for its reputation either, even though it was clearly not their fault. However, Baidu is not completely without fault because it should have taken more precautions to prevent this. There are more secure ways to protect people from taking control of your domain name. Baidu did not specify how much money it wants to have as compensation, but if the details are correct this might cost register.com a lot of money.

For all the details of what happened see the complaint that Baidu filed here: http://domainnamewire.com/wp-content/baidu.pdf

Write a Comment

Comment

  1. M,

    This was just great and I’m going to pass it on. Funny how in the old days the most absolute basic of controls — a domain locking feature — wasn’t even offered by most registrars or hosting companies. Unbelievable, in fact.

  2. It’s pretty amazing that such a huge company can be brought to it’s knees by poor procedures of a 3rd party. Shows that sometimes outsourcing really isn’t the best solution.

    It’s also pretty amazing that it took two days to resolve. I’m surprised that Baidu didn’t have more connections at Register.com to speed the process up a bit more.

  3. I don’t think outsourcing is the problem. If training wasn’t the problem, then outsourcing would not be the problem. It goes deeper than that, and I don’t like to take the position that it’s automatically some foreign devil that leads to one’s demise. We can all improve. That’s what life is for.

  4. Thanks for posting this Marc, good read. Crazy that such a simple thing as domain security could lead to such a big hit. Amazes me (and scares me, though I don’t deal with the company) that register.com would be so irresponsible.