Less than a month after the so-called “Iranian Cyber Army” reportedly “hacked” the popular micro-blogging site, Twitter, they are back with another attack, this time against another Internet giant, Baidu. Baidu is China’s most popular search engine, as 62 percent of the total number of Web searches in the country are done with it compared with Google’s 29 percent share, according to research firm Analysys International.
Some days ago, users who tried to access Baidu were instead redirected to the following page:
According to Trend Micro advanced threats researcher Paul Ferguson, this attack was not a defacement. It was actually another Domain Name System (DNS) hijacking attack that the group staged to obtain the login credentials to the target site’s registrar account, quite similar to the DNS hacking they did to Twitter.
However, advanced threats researcher Ivan Macalintal found that some details differentiated this attack from the Twitter DNS attack, which, he adds, may also be tied to a much larger string of other cybercriminal attacks.
Although cybercriminal activities are mostly tied to profiting from malicious exploits, it seems that we are seeing more and more attacks that are not driven by monetary gain. Specifically, we have observed that politically motivated online attacks, which have been part of the threat landscape since 2007, are slowly increasing worldwide.
We are not even halfway through January, but Trend Micro has already noticed a spike in the number of politically motivated cybercriminal attacks on the websites of high-profile political figures and organizations from different parts of the world, as evidenced by the following blog posts:
- Official Website of Iran’s President, Ahmadinejad, Attacked by Hackers
- Mr. Bean Comes Out of Retirement, Takes Over Spain
- Pakistani National Response Center for Cybercrimes… Hacked!
As of now, it has been reported that some Chinese hackers hacked several of Iran’s websites right after the Baidu attack, apparently in retaliation for the Baidu DNS compromise. Some comments circulating in Web discussions mentioned that Iranians are blaming the Chinese for interfering with their war with Israel, hence the attack on the Chinese site.
Whatever the reason may be, this kind of cybercriminal attack should not be ignored. Although such attacks may seem inconsequential right now because they do not really deliver a direct payload to users, they can potentially pave the way for a more serious threat to emerge, the kind that we mostly just see in movies: cyberwarfare.
Screenshots from http://it.people.com.cn