Baidu, China's largest Internet search engine, was the target of a four-hour cyber attack on Tuesday, the most severe since it was established in 1999.

The company said it had restored services for most Internet users by 6:00 PM.

A hacker group, calling itself Iranian Cyber Army, hijacked Baidu's home page and left a message in Farsi saying that the act was a protest against foreign involvement in Iran's domestic politics.

The attack resembles the one that took down Twitter, the US-based microblogging service provider, last month, in which a group also calling itself Iranian Cyber Army claimed responsibility.

"It is unprecedented," Li Yanhong, CEO and founder of Baidu, said of the incident in a forum run by the company.

In a statement yesterday, Baidu apologized to Chinese netizens for the inconvenience caused by the cyber attack.

It noted that attackers did not try to break into the servers of Baidu but attacked the domain name registrar used by Baidu, which is based in the US. "It is a new phenomenon and sounds an alarm (for online security)," it said.

At about 7:40 AM, Baidu went offline and at times displayed an image consisting of Iran's national flag, words in Farsi and a torn national flag of Israel, a result of Baidu.com being redirected to a website located in the Netherlands.

A screenshot of the defaced site showed an announcement in English that read: "This site has been hacked by Iranian Cyber Army". The sentence below declared in Farsi the establishment of "Cyber Iran to protest the intervention of foreign and Israeli sites in our internal affairs and distribution of false news".

The Iranian embassy in Beijing rejected any speculation that the cyber group is related to its government and warned that someone may use the attack to damage the friendly relations between China and Iran.

"We do not have any information about this group," Mohammad Ali Ziaei, the press officer of the Iranian embassy in Beijing, said, referring to the Iranian Cyber Army.

"It surely doesn't belong to our government," said Ziaei. "Hacking is illegal and we condemn this illegal action," he added.

According to Baidu, hackers ambushed the website by modifying the Domain Name System (DNS) records for the Baidu.com domain after hijacking the servers hosting these records.

Anyone equipped with the right skills could hack websites in this manner and claim to be the Iranian Cyber Army, said Liu Siyu, an engineer at Rising, a Chinese security software company.

Compared with directly infiltrating Baidu's own heavily-armored servers, experts said this kind of cyber attack is relatively easy, because the server hosting Baidu.com's DNS records is managed by a New York-based company, Register.com, that hosts companies other than Baidu.

The hackers are believed to have broken through Baidu's account at Register.com and gained access to alter Baidu's DNS records, redirecting visitors to another server, apparently the same tactics used to knock Twitter offline last year.

Records at Register.com show that Baidu has been using the company's services since October 1999, when the search engine provider was established.

(China Daily January 13, 2010)