[ISN] Baidu: Registrar 'incredibly' changed our e-mail for hacker

From: InfoSec News <alerts_at_private>
Date: Thu, 25 Feb 2010 00:55:57 -0600 (CST)
http://www.computerworld.com/s/article/9162118/Baidu_Registrar_incredibly_changed_our_e_mail_for_hacker?taxonomyId=17

By Owen Fletcher and Robert McMillan
IDG News Service
February 24, 2010

A hacker who took down top Chinese search engine Baidu.com last month 
broke into its account with a U.S. domain name registrar by pretending 
to be from Baidu in an online chat with the registrar's tech help, 
according to a lawsuit filed by Baidu.

Support staff at the registrar, Register.com, then refused to aid Baidu 
when first contacted about Baidu.com redirecting users to a Web page 
that declared, "This site has been hacked by the Iranian Cyber Army," 
the Baidu complaint alleges. The complaint was filed last month in U.S. 
District Court for the Southern District of New York, but the court only 
recently released an unredacted copy of the complaint.

The complaint says Baidu's service was disrupted for five hours by the 
hack and seeks millions of dollars allegedly lost in revenue and other 
costs.

The attack began on the afternoon of Jan. 11 when the hacker contacted 
Register.com tech help via online chat and claimed to be from Baidu, the 
complaint alleges. The attacker asked a support representative to change 
Baidu's e-mail address on file. The representative then sent a 
confirmation code to Baidu's e-mail account even though the hacker 
answered a security question incorrectly, the complaint alleges.

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Wed Feb 24 2010 - 22:55:57 PST

This archive was generated by hypermail 2.2.0 : Wed Feb 24 2010 - 22:58:04 PST