Baidu.tw Wasn't Hacked To Show Google, Doesn't Even Belong To Baidu

There has been lots of interesting commentary in the wake of Google’s bombshell blog post from yesterday about its decision to stop censoring its search results and possibly withdraw from the Chinese market altogether after being hit with severe cyber attacks on its core infrastructure. You can follow the conversation on Techmeme, but there’s one item that just hit the news aggregator that I felt compelled to set straight.

Thomas Crampton correctly notes that Baidu.tw, supposedly owned by Chinese search leader Baidu, is currently getting forwarded to the Google Taiwan homepage (albeit only when you put www in front of the domain name). But it’s false to assume that the site was hacked: the domain name never directed to a Baidu property and is even entirely out of the company’s control. There are a number of ways you can tell.

Just to be clear, I’m not criticizing Crampton here. After all, the Baidu.com domain name was hacked just yesterday so his assumption isn’t that far-fetched.

However, a simple WHOIS search reveals that the domain name isn’t owned by Baidu but by another entity, either an individual or an organization. The identity (Zheng Xiaodo) and contact details that were given for registration are likely fake, and I seriously doubt the owner really lives in China.

The person who registered Baidu.tw, back in 2005, has used the generic contact e-mail address for at least 99 other domain names in the past. He or she signed up for a webmail account on Chinese portal 21cn.com, an ISP owned by a holding company called Century Dragon Information Network, which anyone outside of the country can do just as easily.

Furthermore, this person used a Malaysian registrar (Web.CC) to secure the domain name, and the nameservers that are currently configured for the Web address are also located in Kuala Lumpur, capital of Malaysia. For its other domain names, Baidu uses its own nameservers. It also uses taiwan.baidu.com for its Taiwan operations, although the site is currently offline.
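The registration checks described above (registrant contact, registrar, nameservers) can be expressed as a comparison against the brand's own baseline. This is an added example, not part of the original article; the records are constructed in a simplified "Key: value" layout with reserved `.example` names, and the function names are hypothetical.

```python
import re

# Constructed WHOIS-style records in a simplified "Key: value" layout.
# Every name uses the reserved .example TLD; none is real registry output.
BRAND = """Domain Name: brand.example
Registrar: Corporate Registrar A
Registrant Email: hostmaster@brand.example
Name Server: ns1.brand.example
Name Server: ns2.brand.example"""

LOOKALIKE = """Domain Name: brand-tw.example
Registrar: Reseller Registrar B
Registrant Email: someone@freemail.example
Name Server: ns1.reseller-b.example
Name Server: ns2.reseller-b.example"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys such as Name Server accumulate."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            record.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return record

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def control_signals(record, brand_domain, brand_registrars):
    """List the attributes that point away from the brand's control."""
    signals = []
    if not any(under(h, brand_domain) for h in record.get("name server", [])):
        signals.append("nameservers")
    emails = record.get("registrant email", [])
    if not any(under(e.rsplit("@", 1)[-1], brand_domain) for e in emails):
        signals.append("registrant")
    if not set(record.get("registrar", [])) & brand_registrars:
        signals.append("registrar")
    return signals

def assess(record, brand_domain, brand_registrars):
    """Separate a domain the brand never held from one it registered itself."""
    signals = control_signals(record, brand_domain, brand_registrars)
    if {"registrant", "registrar"} <= set(signals):
        return "third-party registration"
    return "brand-registered, review changes" if signals else "consistent with brand"

if __name__ == "__main__":
    baseline = set(parse_whois(BRAND)["registrar"])
    for name, raw in (("brand", BRAND), ("lookalike", LOOKALIKE)):
        print(name, "->", assess(parse_whois(raw), "brand.example", baseline))
```

Real WHOIS output differs per registry, so the parser's key names would need adjusting to the format actually returned.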

Also, when you look at the cache for Baidu.tw, you can see that just a couple of days ago the domain led to Szhot.com, another domain name registrar.

Finally, when you go to Baidu.tw right now and click around (apart from the top menu), you’ll see that there was simply a change in domain name record settings, likely following the flurry of news about Google’s China stance and the role Baidu plays in all this from yesterday.

In conclusion: Baidu.tw was not hacked; someone is just trying to do a number on Baidu.

(Image via Thomas Crampton)