Baidu Sues U.S. Firm over Attack While Google's China Fight Builds
"Baidu's complaint alleges that on Jan. 12, 2010 (Beijing time), as a result of the gross negligence of Register.com, Inc., its U.S. domain name registration service provider, the domain name resolution of www.baidu.com was unlawfully and maliciously altered," the company said in a statement.
During the attack, Chinese users visiting Baidu were greeted by a banner trumpeting the "Iranian Cyber Army," featuring an Iranian flag and a shattered Star of David. The assault prompted Chinese users to retaliate with a wave of cyberattacks against Iranian Web targets that may not have been the perpetrators. But concealing identity is a key aspect of cyberwarfare, so it's possible that an attacker disguised itself as Iran -- just as Chinese attacks against Google and other U.S. tech companies were disguised to appear to have come from Taiwan.
In a statement, Register.com called Baidu's lawsuit "completely without merit."
"Register.com takes cyber-terrorism very seriously and we are working closely with federal law enforcement officials who are investigating this crime as well as the recent similar attacks on Twitter and Google," the company said. "Register.com continuously works to enhance its security processes and to safeguard customers from these increasingly sophisticated attacks."
Baidu: A Proxy for the Chinese Government?
Baidu's legal gambit, clearly designed to send a geopolitical message, comes as the furor escalates over Google's challenging China over cybersecurity and free speech. Like most Chinese industry leaders, Baidu has close ties to the Communist government and is the latest major international Web company to jump into the growing cybercrisis.
Baidu has been racked by management upheaval. Two days ago, the Chinese search leader said C.T.O. Yinan Li had left -- Baidu's second top executive to leave in a month, following the resignation of C.O.O. Peng Ye. Both were said to leave for personal reasons.
Given Baidu's importance and China's controlling role in its domestic industries, it's difficult to imagine that Baidu acted without the government's support, or at least its knowledge. For the last week, China has been trying to contain its Google dispute within the business realm. And Baidu's lawsuit seems designed to send a not-so-veiled message to Google and the U.S.: China, too, can play the cybervictim.
India Blames China For Cyberattack
In another sign of the widening crisis, India joined the fray, accusing China of orchestrating an attack on Indian government computers on December 15.
China denies the charge. "These accusations are groundless," Foreign Ministry representative Ma Zhaoxu told reporters, according to a report by the Press Trust of India. "The Chinese government is firmly against hacking activities and will deal with relevant cases in accordance with the law." Ma asserted that China was the "biggest victim" of cyberattacks.
On Monday, M. K. Narayanan, India's national security adviser, told The Times of London that Indian computer systems -- including those in his office -- were targeted on December 15, around the time that Google and other U.S. firms detected a barrage of cyberattacks from China. "This was not the first instance of an attempt to hack into our computers," Narayanan told The Times. "People seem to be fairly sure it was the Chinese," Narayanan said. "It is difficult to find the exact source, but this is the main suspicion. It seems well founded."
Late last week, researchers at Verisign iDefense labs identified the command-and-control servers behind the attack on Google, saying "the attack is the work of actors operating on behalf of or in the direct employ of official intelligence entities of the People's Republic of China." On Friday, Jon Huntsman, U.S. ambassador to China, acknowledged that China-based attacks on U.S. government computers have been "ongoing for a long time."