More cyberattacks likely from group that took down Chinese search engine

The hack could be a peek at an ongoing cyberwar in which terrorists and governments find network weaknesses and gauge reaction to build cyberattack playbooks, says a security professional.

Baidu.com was down for almost four hours. Zhang Binbin/Newscom

The source and motivation behind a cyberattack against China's largest Internet search engine on Tuesday remains unclear, as does its relation to an attack on Google, but more computer networks likely will be targeted, security professionals said.

The same group that took down Twitter in December 2009 hacked China's most popular search engine, Baidu, taking down the Web site for almost four hours.

The attacker changed the Web site's DNS settings, which map the domain name to the IP addresses of its servers, so visitors to Baidu.com would be redirected to a Web page with an Iranian flag and a message from the Iranian Cyber Army claiming responsibility for the attack.
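A defender-side drift check for the kind of DNS repointing described above, written here as an added example rather than code from the article or from Baidu; the hostname, addresses and name servers are constructed sample values, and the baseline-comparison approach is an assumption about how an operator would monitor their zone.

```python
"""Baseline check for zone repointing of the kind described above.

Assumed approach (not from the article): record the name servers and A
records you expect for your zone, resolve the live values on a schedule,
and alert on any drift. All names and addresses below are constructed.
"""
import socket
from dataclasses import dataclass, field


@dataclass
class DnsSnapshot:
    name: str
    a_records: set[str] = field(default_factory=set)
    nameservers: set[str] = field(default_factory=set)


def diff_against_baseline(baseline: DnsSnapshot, observed: DnsSnapshot) -> list[str]:
    """Return human-readable findings; an empty list means no drift."""
    findings = []
    if observed.name != baseline.name:
        return [f"snapshot is for {observed.name}, baseline is {baseline.name}"]
    for ip in sorted(observed.a_records - baseline.a_records):
        findings.append(f"unexpected A record {ip} for {baseline.name}")
    for ip in sorted(baseline.a_records - observed.a_records):
        findings.append(f"expected A record {ip} missing for {baseline.name}")
    # A changed NS set is the signature of a registrar-level takeover: the
    # whole zone is repointed rather than a single record being edited.
    for ns in sorted(observed.nameservers - baseline.nameservers):
        findings.append(f"unexpected name server {ns} for {baseline.name}")
    for ns in sorted(baseline.nameservers - observed.nameservers):
        findings.append(f"expected name server {ns} missing for {baseline.name}")
    return findings


def live_a_records(name: str) -> set[str]:
    """Resolve current A records with the standard library (no NS data)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except socket.gaierror:
        return set()


# Constructed sample: the baseline an operator recorded earlier, and a
# snapshot taken while the zone pointed at hosts the operator never set up.
BASELINE = DnsSnapshot("www.example-search.test", {"192.0.2.10", "192.0.2.11"},
                       {"ns1.example-search.test", "ns2.example-search.test"})
HIJACKED = DnsSnapshot("www.example-search.test", {"198.51.100.77"},
                       {"ns1.other-dns.test", "ns2.other-dns.test"})

if __name__ == "__main__":
    for finding in diff_against_baseline(BASELINE, HIJACKED):
        print("ALERT:", finding)
```

Because resolvers cache the poisoned answers, a clean baseline comparison from one vantage point does not prove the zone is clean everywhere; run the check against several public resolvers as well as the authoritative servers.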

Whether the group has legitimate ties to Iran or Iranian terrorist organizations is unclear.

"The attack is rather simple," said Johannes Ullrich, chief technology officer for the SANS Institute Internet Storm Center, a Web security monitoring and alerting system. "I doubt that the Iranian government is behind [this]. Sounds more like some kids having fun."

But other security professionals -- including Tom Talleur, a forensic technologist who spent 31 years as a federal criminal investigator with NASA and the Defense Department identifying the source of cyberthreats and tracking down hackers -- are not so sure.

"We are seeing the visible peak of the underground cyberwar that goes on around us 24 hours a day," he said. "Terrorists and governments -- through fronts -- use attacks to test for weaknesses, gauge reaction and build cyberattack playbooks against adversaries. Governments can't stop these attacks because of the [interconnected] nature of the Internet."

The group likely will strike again at another heavily visited domain to ensure continued global attention, said Lars Harvey, chief executive officer of the security software company Internet Identity.

"I do not think it is by accident that two of the top 15 most visited domains in the world were targeted in the span of a few weeks," he said, adding that the threat of such attacks extends well beyond the affected company. "These attacks do much more than trickle to neighboring networks. The poisoned information flows around the world quickly and lingers after the root cause of the attack has been remediated."

A State Department analyst visiting Baidu.com during the attack period, for example, would have been directed to the site put up by the perpetrators, possibly infecting the user's computer and the department's network with malware.

Given the potential threat, determining whether the attack was politically motivated or simply a prank should be a top priority for the federal government, which needs to identify who benefits from the scheme and determine whether any subsequent attacks could more directly target U.S. interests, said a former intelligence official who asked not to be named.

"Each such incident can provide the federal government with a better understanding of the problem -- what's possible, what's not -- and can contribute to the development of strategies and tactics both [for] offensive and defensive cyber operations," the source said.

"This is illustrative of where our adversaries will seek to strike," said Alan Balutis, director of the business solutions group at Cisco Systems and a former chief information officer at the Commerce Department. "It also takes us into the relatively new territory of what constitutes an act of aggression [that] might bring us to the brink of declaring war in today's tech-dependent world. I am sure what has happened in China will be closely watched by the American intel community."

Also unclear is whether or not the Baidu hack is related to a cyberattack against Google, in which hackers tried to access Google e-mail accounts of human rights activists in China. The attacks, which allegedly originated in China, have spurred Google to consider leaving the Chinese market.

"Since we don't have cooperative judicial procedures with the Chinese on cyber matters, companies facing these types of losses in China may have no choice but to bail out of the country," Talleur said.
