Baidu hack reflects the risks of DNS servers



At 7:40 on the morning of January 12, Beijing netizen Wang Hao (a pseudonym) opened Baidu as usual but found the site inaccessible. Clicking through opened either a "Yahoo error" page or a page bearing a country's flag, with text saying the site had been attacked by that country's "cyber army."

Baidu is a site Wang Hao logs on to every day to collect useful information. He uses it so often that he has even made Baidu his home page. When Baidu's page suddenly stopped working, Wang Hao was at a loss as to what to do.

On Sina Microblog (t.sina.com.cn), the topic "Baidu hacked" climbed the day's rankings far enough to catch up with "Avatar" on the weekly ranking. Besides users in Beijing, users in Liaoning, Jiangsu, Sichuan, Anhui and other provinces posted messages saying they could not open Baidu's page, or that after opening a Yahoo page they were redirected to an English-language page.

Baidu, meanwhile, was in a frenzy of activity. "Our technicians are working intensively to resolve this issue," Baidu told reporters on the morning of the 12th. "We have received countless telephone inquiries about the situation."

This is the most serious and longest attack Baidu has suffered in its history. As of 11:10 pm the day before, users in Beijing could log on to the baidu.com page. Users were unable to log on for up to two hours.

Over the past 10 years, apart from a brief hacker attack on September 12, 2006, Baidu's service had been safe. An attack on one of the country's top high-tech companies has cost more Internet companies their sense of security.

"The DNS (Domain Name System) server has had technical defects since its creation," Zheng Hongqing, product marketing manager at Trend Micro, said on the 12th. At world-level security conferences, technical experts have repeatedly proposed strengthening the security of DNS services.

Who did it?

An hour after it was hacked, Baidu issued an official statement: "Because the domain name resolution of www.baidu.com was illegally tampered with at its domain name registrar in the United States, the site cannot be visited normally. The relevant Baidu departments are actively dealing with the matter."

A reporter's query on the professional domain lookup site who.is showed that Baidu's domain name registrar in the United States is REGISTER.COM, INC., with a creation date of October 11, 1999 and an expiration date of October 11, 2014. According to Baidu's official explanation, the flawed link was at REGISTER.COM, INC., a major domain name provider.

"The hackers went in through the domain name provider's website and modified the information for Baidu," Baidu told reporters on the afternoon of the 12th, "but we do not know why Baidu was hacked."

Baidu said in a public statement: "The lawbreakers did not attack Baidu's servers, but chose the U.S. domain name registrar as their target, a phenomenon that deserves our vigilance."

Zhao Wei, founder of Chong-yu, a security service provider to Microsoft, said it is generally difficult to trace a hacker's real identity through technical means. But judging from a few signs, the Baidu hack was the personal act of private foreign hackers.

"Although the page claimed that the site had been attacked by a country's cyber army, the possibility that a government did it is very small," Zhao Wei said. "A government is not very likely to do something so stupid, with such adverse effects, to a site."

The behavior of most veteran hackers is tied to commercial purposes; they instead attack e-commerce, anti-virus and similar sites, and would not merely deface a website's home page. It is understood that while Baidu's page was hacked, users who entered the IP address directly could still obtain normal service.

According to Crown Peak, a well-known domain name broker and the founder of Respect Meter Net, domain name hijacking is a common occurrence on the Internet. In earlier years, when Internet security was weak, high-traffic sites often became hijacking targets, but the hijacked pages mostly redirected to the "robbers'" advertising pages or to sites they wanted to draw attention to. Sometimes a few hours of hijacking could bring the "kidnappers" tens of thousands of advertising visits.

"If the Baidu hijacking involved commercial interests, the offender's sentence would be expected to be more serious," Crown Peak said, "but this time the hijacked Baidu redirected to an 'XX number of theater' page and a 'cannot be displayed' page, so a prank or other reasons cannot be ruled out."

Crown Peak also raised a doubt: if the problem lay with Baidu's domain name registrar in the United States, then apart from regions that are slow to respond, backbone locations such as Beijing and Guangzhou should have seen the same result. But that morning, Baidu's pages could still be accessed normally from Guangzhou and from California in the United States, so the problem may also have occurred in the domain name resolution provided by operators in the Beijing area.

Two hours of bleeding profits

On the night of the 12th, Baidu said: "As of now, access to Baidu has returned to normal for users in most countries and regions. Internet users worldwide are expected to be able to access Baidu normally through www.baidu.com soon."

But over the two hours it was hacked, the lost revenue became a huge black hole. Other search engines, led by Google.cn, stood to benefit. Take literary websites, which depend on search engine traffic, as an example: according to data disclosed by Internet statistics company CNZZ, the share of visitors sent to such sites through Google's search products rose by an average of about 35%.

In this domain name hijacking, a number of sites that normally depend heavily on visitors sent by Baidu were hit hard. The person in charge of a lifestyle and fashion site that places bid-ranking advertisements on Baidu told CNZZ by telephone on the morning of the 12th that the site's visit chart for that morning was near "zero discharge."

A search keyword agent said that because keyword advertising is charged by clicks, the user clicks that would have occurred during this period were affected, but advertisers' spending was not wasted, except for certain advertisements charged by display. "The most direct effect is that Baidu's income for this period will be reduced."

Baidu has not yet officially released the extent of the loss. As to whether Baidu will sue for damages, Baidu said it "is still not clear."

Equally a mystery is the "robbers'" motive.

With the rapid growth of the worldwide Internet audience, hackers are changing too. Unlike early hackers, who took pride in quietly showing off their technical skill, many cyber attacks now carry political aims and demands and use a high profile as a means of making their voice heard. "Taking over the DNS of a well-known site is considered a very effective way."

In response, domain expert Shen Yang said the Baidu hijacking incident has exposed the state of this well-known company's security precautions. "Although Baidu has registered a number of domain names under cn, com and net, it still mainly relies on the .com domain name alone for resolution. If Baidu had set up independent resolution for multiple domain names ahead of time, this incident could have been avoided."

On the morning of the 12th, Shen Yang retrieved the domain name database (Whois) record for Baidu.com and found that its domain name servers (DNS servers) were set to two of Yahoo's servers. This is consistent with netizens' reports that morning that visits jumped to Yahoo and to a page on which hackers claimed to be from a certain country.

Shen Yang went on to visit Baidu.net, baidu.cn and baidu.com.cn, all owned by Baidu (Shanghai) Corporation. Their database (Whois) records appeared normal, but the visits did not succeed. "This seems to imply that Baidu does not resolve these three important domains."

"Baidu has only enabled baidu.com as its main domain name, and baidu.cn has not been put into service, so that once baidu.com was attacked, baidu.cn could not be brought into use at the critical moment. Google has been more thorough and has even enabled g.cn," Shen Yang said.

Crown Peak said that resolving multiple domain names independently reduces risk: when one domain is attacked or fails, another domain can be brought into use.
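The Whois observation and the independent-resolution advice above translate into a simple monitoring check. The Python below is an added example, not part of the original article: it compares a domain's Whois name servers with a recorded baseline and reports which domains depend on the same registrar or name-server set. The Whois excerpts and every domain, registrar and server name in it are constructed placeholders.

```python
# Added example: constructed WHOIS excerpts; every name is a placeholder.
BASELINE = """Domain Name: PORTAL.EXAMPLE
Registrar: REGISTRAR-A.EXAMPLE
Name Server: NS1.PORTAL.EXAMPLE
Name Server: NS2.PORTAL.EXAMPLE
"""
OBSERVED = """Domain Name: PORTAL.EXAMPLE
Registrar: REGISTRAR-A.EXAMPLE
Name Server: NS1.OTHER-OPERATOR.EXAMPLE
Name Server: NS2.OTHER-OPERATOR.EXAMPLE
"""
BACKUP = """Domain Name: PORTAL-BACKUP.EXAMPLE
Registrar: REGISTRAR-B.EXAMPLE
Name Server: NS1.BACKUP-DNS.EXAMPLE
Name Server: NS2.BACKUP-DNS.EXAMPLE
"""


def parse_whois(text):
    """Return (registrar, frozenset of lower-cased name servers)."""
    registrar, servers = None, set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().rstrip(".").lower()
        if key == "registrar" and value:
            registrar = value
        elif key == "name server" and value:
            servers.add(value)
    return registrar, frozenset(servers)


def delegation_drift(baseline, observed):
    """Name servers that appeared or vanished relative to the baseline."""
    _, want = parse_whois(baseline)
    _, got = parse_whois(observed)
    return {"unexpected": sorted(got - want), "missing": sorted(want - got)}


def shared_failure_points(records):
    """Registrars and name-server sets that two or more domains rely on."""
    groups = {}
    for domain, text in records.items():
        registrar, servers = parse_whois(text)
        groups.setdefault(("registrar", registrar), []).append(domain)
        groups.setdefault(("nameservers", tuple(sorted(servers))), []).append(domain)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    print(delegation_drift(BASELINE, OBSERVED))
    print(shared_failure_points({"portal.example": BASELINE,
                                 "portal-backup.example": BACKUP}))
```

Any non-empty "unexpected" list is worth an alert, and an empty result from shared_failure_points means the fallback domain does not fail together with the main one.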

The trouble with DNS servers

Not long before Baidu was hacked, on Dec. 18, 2009, the U.S. social networking site Twitter also suffered a major hacker attack in which visitors were redirected to a tampered page. The attacker claimed to be a "network unit" of a certain country and wrote a number of anti-American statements on the page.

The two hacking incidents have some similarities. Baidu and Twitter are both popular sites that gather large numbers of users and attract a very high degree of attention. Once hacked, they drew the attention of users and public opinion. The scenes in both hacks were exactly the same, and in both the hackers claimed to be from a certain country.

"In terms of the difficulty of a domain attack, large sites and small sites are not much different. The hackers mainly proceed by attacking the domain name provider, which has no direct relationship with the Internet company," said Zheng Hongqing, product marketing manager at Trend Micro, "but that a large website with heavy traffic and a high profile is vulnerable to hacker attacks is a matter of common sense."

Duba technical director Chen Yong said that management of the domain name is not within Baidu's control. After the attack, apart from improving communication with its domain name provider, strengthening monitoring and improving its response speed, what Baidu "can do might just be to change the domain provider."

The present difficulty is that no domain name service provider's domain name system can guarantee absolute security. IP addresses are hard to remember, which is why domain names appeared on the network. An enterprise's domain name is resolved by DNS servers, which tell visitors which IP host the site is on so that normal service can be delivered. The DNS servers are provided by the domain name registration service provider.

What a DNS server implements is a redirection function that uses few resources, so a large number of domain names often correspond to a single DNS server address. As a result, hackers need only attack the DNS server to point the resolved address of any of those domains at a website of their choosing.

The attackers are always a step ahead. "For now, achieving one hundred percent security in domain name management is unlikely," Zhao Wei said. "Once an incident has broken out, the domain name provider can only plug the loopholes to keep it from happening again."

"In terms of current technical means, the services of domain name registration service providers have improved a lot in recent years, but they are still locked in a contest with hackers," said Ma Wenjia, vice president of Million Net. "Internet users and domain name service providers need to strengthen cooperation and jointly overcome this problem."

In an official statement later on the 12th, Baidu called on DNS vendors "to strengthen the construction of network security" and said it "is willing to actively cooperate."