Twitter and Baidu hijacked by "Iranian Cyber Army"13/01/2010 Written by Kevin Fernandez (Siegfried)
You probably read that story somewhere last month, on December 17 2009 Twitter’s homepage has been replaced by this message:
“Iranian Cyber Army
THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY
U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….
NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
They “simply” hacked their registrar (dyndns) and modified their DNS entries.
Yesterday the Baidu homepage, China’s n°1 search engine, got defaced by the same attacker and with the same method, but this time register.com was the vulnerable registrar.
According to AFP, the page was carrying the following message in persian:
“In reaction to the US authorities’ intervention in Iran’s internal affairs. This is a warning”
According to The Media Line, some Iranian governments websites have been taken down by Chinese hackers in response to the hijacking.
These attacks on registrars are nothing new, we published some articles last year about their increase, saying that registrars were often the weak link of the internet sites security:
We didn’t get any of those notifications (twitter, baidu), in the future, if you happen to see a defaced site while browsing, feel free to submit it to us, anybody can do this and it is anonymous (here).
Please send your twitter.com and baidu.com defacements screenshots to email@example.com, we will publish them.
Here is the screenshot of the baidu.com defacement (thanks to Gary Warner).
Gary Warner published 3 interesting articles about the incidents and Iranian Cyber Army:
http://garwarner.blogspot.com/2009/12/who-is-iranian-cyber-army-twitter-dns.html Who is the “Iranian Cyber Army”? Twitter DNS Redirect
http://garwarner.blogspot.com/2010/01/iranian-cyber-army-returns-target.html Iranian Cyber Army returns — target: Baidu.com
http://garwarner.blogspot.com/2010/01/minipost-cnircyberwar.html The Chinese hacker groups response to the hijacking