China’s leading search engine claims a shocking lack of security nous at its chosen domain name registrar was responsible for a prolonged outage last month.
China’s Baidu says in legal papers that that an obvious scammer was able to con Register.com support staff into handing over the keys to its kingdom, resulting in millions of dollars of lost revenue.
Baidu, which commands 70 percent of the Chinese search market, was offline for at least four hours on the 12th of January. During the incident, its baidu.com home page instead showed the messaged “This site has been hacked by the Iranian Cyber Army”.
In its lawsuit, the company claims a Register.com support rep allowed the hacker to reset the administrative email address for the domain to ‘firstname.lastname@example.org’, despite the imposter providing obviously incorrect security codes during an online chat.
The hacker then allegedly used Register’s automated password reminder function to change Baidu’s account password, giving him access to the domain’s name servers. The whole rudimentary scam took less than 45 minutes, Baidu claims.
Baidu is suing for negligence and breach of contract, among other things. Register.com denies the charges. The case is being heard in New York.