Baidu: Register.com replaced its DNS credentials for some guy in a chat room


Last month, Baidu, the leading search engine in China, filed suit against US-based Internet registrar Register.com, at the height of the debate over Google’s continued business dealings with China. Baidu accused the registrar of changing its DNS records, so that customers were redirected to a completely different site purporting to represent the “Iranian Cyber Army.” But that original suit was heavily redacted, so we didn’t know the specifics of the alleged defacement. This week, the US District Court in New York released the unredacted version of Baidu’s complaint, and now, as the man once said, we know the rest of the story.

The basis for Baidu’s allegation that Register.com knowingly and willfully damaged Baidu’s property, and thereby its reputation, is that one of its customer support agents changed Baidu’s DNS records literally on the request of a guy who showed up in Register.com’s support chat room. Supposedly, he pretended to be Baidu (“Mr. Baidu,” perhaps?). And although records show the support personnel asked him to verify his identity by sending back the security code that was just sent to the e-mail address on record as Baidu’s authoritative address, the fellow instead responded with a made-up bunch of numbers…which the agent then accepted as valid.

What happened next, by Baidu’s account, could be the subject of a reality show about the world’s most flagrant acts of fraud…assuming, of course, the registrar’s support agent wasn’t in on the deal from the beginning.

“Incredibly, Defendant [Register.com] thus changed the e-mail address on file from one that was clearly a business address and contained the name of the account owner, to an e-mail address that conveyed a highly politically charged message (“antiwahabi”), with the domain name (“gmail.com”) of a competitor of Baidu, at the request of an individual who not only could not produce the correct security verification, but actually produced false information twice during the verification process.”

The search engine’s lawyers then go on to say that Register.com’s personnel (perhaps the same person) actually refused to speak with representatives from the real Baidu (whose e-mail address probably includes “baidu.com” or “baidu.cn”), either via online chat or telephone, throughout the two-day period that service was redirected to the “Iranian” site.

No reason has been publicly given for the release of the unredacted complaint, or why it was redacted to begin with. However, one possible reason could concern national and international security. If government agencies were investigating the ties of the “Cyber Army” to the real government of Iran, then perhaps the release of the unredacted version indicates that no such ties were discovered.
