A group calling itself the ‘Iranian Cyber Army’ this morning claimed responsibility for a strike that caused Chinese search engine giant Baidu to go offline for approximately four hours.
Visitors to Baidu following the attack were instead shown an image of the Iranian flag accompanied by the message “This site has been hacked by the Iranian Cyber Army”, written in Farsi. Access to Baidu has since been restored, but in an emailed statement to the Reuters news agency the company acknowledged that its US domain registration “had been tampered with”.
Last month, Twitter was the subject of a similar attack from the same organisation, prompting media outlets to speculate that the popular microblogging service had been targeted due to its use as a tool in organising nationwide protests after Iran’s controversial election result in June 2009. So far, it remains unclear why the hackers chose Baidu, which enjoys some favour with the Chinese government.
Rather than tampering with websites’ servers themselves, the Iranian Cyber Army’s preferred method appears to be altering the DNS servers and redirecting visitors away from the ‘hacked’ website.
Rik Ferguson, a spokesman for security firm Trend Micro, told the BBC at the time of the Twitter attack: “These changes mean that when you or I type a website address into our browsers, we are directed not to the real website, but to a second site, set up by the hackers, in this case the ‘Iranian Cyber Army’.” The result, he added, is the impression that the targeted site’s servers had been hacked, without this actually being the case.
Shortly after Baidu went down this morning, the Iranian website room98.ir appeared to be the victim of a counterattack from an organisation calling itself the ‘Honker Union for China’, when it too went offline.