Beijing on February 25 afternoon, according to foreign media reports today, a U.S. court has revealed Baidu (NasdaqGS: BIDU) sued the U.S. domain name registrar Register.com in the indictment.
The indictment showed that a hacker last month, Baidu staff through fake Internet chat tool to contact with Register.com, and to the invasion of Baidu's account, resulting in several hours unable to access Baidu.
Baidu said in the prosecution file, in Baidu.com domain name was redirected to a claim that "This site has been hacked by the Iranian Cyber Army" (the Web site by Iranian forces out) of the page, the first on the matter and Register Baidu . com's customer service contact, the other party refused to provide help for Baidu. The indictment filed last month, U.S. District Court Southern District New York, but the court only recently announced a complete copy.
The indictment said, as had been attacked by hackers, Baidu's service interrupted five hours, and the resulting millions of dollars in revenue losses and other costs.
Baidu said the attack began this afternoon of Jan. 11, when the hacker through the Internet chat tool to Register.com fake Baidu's customer service staff for help. Hackers change the customer service representative asked Baidu's e-mail address file. Although this name is not correctly answer the security hackers, but the customer service representative went on Baidu's E-mail is still sent to the confirmation code.
Baidu's indictment shows that hackers can not access because Baidu's e-mail, so he made up a confirmation code, and obtain customer service representative will send it to each other. In the absence of two groups of code than the case, this customer service representative Bianjiang each other's false answers as correct answers, and agree to the hacker's request, will be archived Baidu's e-mail address change "antiwahabi2008@gmail.com . "
Baidu in the indictment, wrote: "In the applicant's safety can not be properly verified, or even provide erroneous information, the two cases, Register.com Bianjiang archived e-mail from a user name contains the account owner's business address, change a clear political message that contains (antiwahabi), and the use of rival Baidu domain (gmail.com) address. it was unbelievable. "
It is not clear "antiwahabi" specific meaning, but it was spelled with a known Wahhabi Muslim (Wahabi Muslim) religious sects coincide. Baidu has not yet comment.
Baidu's indictment revealed that the hackers then use the password for the user forget the "Reset Password" function, required changes Register.com e-mail address to send a new password Baidu account. This name was also changed Baidu hacker then account settings, and will guide visitors to another site, the whole process took less than an hour.
Register.com not to comment, but the company last month said that Baidu's prosecution of "baseless" and pledged to meet the law enforcement investigation.
Register.com and other domain name registration business is to sell domain names (such as Baidu.com), and to provide users with the necessary settings, will guide visitors to the correct site.
Baidu earliest complete copy of the indictment by the domain name web Domain Name Wire published information, the site editor Andelua Zimmermann (Andrew Allemann) said: "It's like someone asking you four digits of social security accounts, and you casually compiled 1, but did not verify. "He believes that if the other domain name registration service agencies to produce additional information that can avoid this attack.
After a similar attack had occurred. For example, a hacker invasion of 2008, the electronic payment service provider CheckFree's account, and modify the information of the company's domain name. Arman said: "Unfortunately, things happen to themselves in before, many companies are not aware of the problem, until paid a heavy price."