A US judge ruled on Thursday that Baidu (百度) has a “plausible” legal case against a domain registry firm that let hackers commandeer the Chinese Internet search giant’s Web site.
In a partial victory for domain name company Register.com, US District Judge Denny Chin (陳卓光) dismissed five of seven claims Baidu made against the firm, including breach of contract, complicity in trademark infringement and aiding trespass. He only backed two of Baidu’s counts against Register.
“I hold that Baidu has alleged sufficient facts in its complaint to give rise to a plausible claim of gross negligence or recklessness,” Chin said in his ruling. “If these allegations are proven, then Register failed to follow its own security protocols and essentially handed over control of Baidu’s account to an unauthorized intruder, who engaged in cyber vandalism.”
Hackers launched a cyber-attack on Baidu on Jan. 11 by gaining access to the search firm’s account at Register, in a move the firm said cost it millions of dollars.
For about five hours, Baidu traffic was rerouted to a Web page showing an Iranian flag; a broken Star of David, and a written message stating “This site has been hacked by the Iranian Cyber Army.”
Baidu is the world’s third-largest Internet search engine and is reported to control more than 70 percent of the Chinese-language market.
Hackers had seized the Baidu account by duping a Register tech support worker into changing the e-mail address that Baidu had on file at US-based Register, legal documents maintained.
The Register support worker asked the imposter for security verification information, but didn’t bother to check whether it was correct as required by Register policy, according to court paperwork.
The hacker later pretended to forget the Baidu account password and, because of the altered e-mail address, was sent a link granting access and control.
“If Register had simply followed its own security protocols, the attack surely would have been averted and neither Register nor Baidu would have been victimized,” Chin said.
RSS