Baidu Inc. (Nasdaq: BIDU), the massive Chinese search engine firm, has been granted the right to pursue a lawsuit against Register.com by Judge Denny Chin of the US District Court for the Southern District of New York.
Last week, Chin gave Baidu the go-ahead to sue the domain name registrar for gross negligence, recklessness, and breach of contract. The court ruled that the domain name service provider was to be held accountable for the cyber attack that left Baidu disabled for five hours.
The suit stems from a January 11, 2010, attack by a group known as the Iranian Cyber Army (ICA) that resulted in the successful hijack of Baidu’s Website. (Remember: The ICA’s first major coup was the hacking of Twitter last December.)
Baidu’s legal representatives allege that Register.com gave up control to the hackers, allowing them to redirect all traffic from Baidu’s site. The unauthorized access left Baidu virtually offline for the duration of the attack.
Five of Baidu’s seven claims in its lawsuit were tossed out by Judge Chin, including ones pertaining to trademark infringement and aiding and abetting criminal trespassing.
But experts seem to agree that Baidu’s domain name server (DNS) was changed at the registrar level. According to Jeremy Rossi, an Internet security consultant and partner with Praetorian Security Group, a provider of managed security, the hackers could have “managed to obtain a username and password that allowed them to access Register.com's records for Baidu, perhaps by successfully phishing an employee of the US domain registrar, or one of Baidu's workers.”
In any case, the hackers were able to re-route the DNS data to point to various systems controlled by the ICA.
That raises questions about whether any or all domain name providers are liable for future hack attacks and if so, whether the contracts they offer cover these potential problems.
Register.com back in March 2010 filed its own motion with the Southern District of New York to dismiss Baidu’s charges, claiming in its preliminary statement: “Indeed in numerous provisions of the parties’ contract, Baidu agreed that it would not and could not bring the very claims it now attempts to assert.”
In most cases, a legal contract is binding. But according to Jart Armin, editor of HostExploit.com: “After all, regardless [who] the… perpetrators are, this is a straightforward issue of negligence concerning consumer rights. Neither registrars nor hosts can simply avoid their commercial and consumer responsibilities by using pretty frivolous terms of service, i.e., ‘We are not responsible for anything going wrong, even though it is totally our fault’ (my loose interpretation of their TOS).”
Judge Chin’s analysis is similar: “New York courts will decline to enforce a contractual limitation or waiver of liability clause when there is willful or grossly negligent or recklessly indifferent conduct.”
Regardless of the outcome of the civil suit, it is obvious there are certain security issues that need immediate attention. As the title of one industry newsletter blog puts it: “Companies Have a Fiduciary Responsibility to Lock down Domain Names.” The article suggests domain name providers can access solutions such as Fabulous’s Executive Lock or Moniker’s Portfolio MaxLock. Each of these services provides another layer of protection the registrars should incorporate into their existing services. And if they don’t, the newsletter says, customers should take their business elsewhere.
This case surely calls up a range of issues and could relate to other registrars, such as GoDaddy.com Inc. and registries such as VeriSign Inc. (Nasdaq: VRSN), which are no doubt watching closely as the lawsuit progresses.
— Chris Poley has been a professional trader for more than 20 years.
cjon316, It may seem simple, but there needs to be an awareness. People and companies are sooo not proactive, it’s laughable. This country and corporate America has fallen so far behind the curve, I'm afraid it will take decades to see the light. Look at Japan two decades and counting.
Ashish, I think five years ago people were apathetic. Now I think there is a good deal of outrage. Everyone in Washington is patting themselves on the back calling an end to the recession. "Just look at the stock market" it tells the story. Yeah the story it tells is how the banks that took the TARP money placed huge bets with nothing to lose but the tax payer’s money. So, the market doubles and they pay themselves record bonuses. The sad truth is no one but they have made any real bank.
So typically, Wall Street is in bed with Washington and the "song remains the same" (to quote Led Zeppelin.) 10.7% unemployment and a continuing contraction in housing prices just doesn't do it for me, how 'bout you?
Dollars and feet... Seems so simple. I know it works, you know it works. Now it is just up to all of us to vote at the ballot box for candidates which support the free market which makes it possible to vote with dollars and feet!
When someone gets paid the same for average or exceptional, expect the average.
Here's further evidence of the disconnect between how ordinary people like you and me think about the Markets and how the Govt/political elite views things.
We really need a revolution-3rd party/independent candidates anyone?
My only worry is that have people reached that point of apathy where nobody even remotely cares what is happening to America. If that line has been crossed then it's time to move out of America. Thankfully, citizens are starting to wake up (just like in Bell, California) to the shenanigans of Wall Street & DC.
Ashish you make a valid point with the public sector, that situation can only be resolved through the ballot box. But for the sake of this blog, let's keep it to the private sector, or what's left of it. ;>
Mathemagian, I agree wholeheartedly, if the service blows, take control of the situation and move your business elsewhere. Even if it is painful and may disrupt your service temporarily we can't be a foot mat to clumsy feet worn by our sales and service providers.
That's the way a free market is supposed to work. Unfortunately, thanks to excessive Govt. intervention in various sectors of the economy we are no longer a free market economy. In such an oligopolistic system where the Winners and Losers are already decided by the powers that be beforehand you want to bet with the incumbents who will keep winning and keep getting propped up by the Govt.
Your thoughts are admirable and the way an economy should run. Unfortunately we are nowhere near a free market economy today and unless we see a revolution in America today, you won't get that kind of an efficient system.
I've always said: if you get lousy service, vote with your dollars and feet.
I once went into a car dealership in the early 80's and spent 25 minutes looking at several cars I was interested in. A bunch of salesmen were sitting in a corner talking and when I decided to take my business elsewhere, one quickly approached me to offer his "services." I politely told him that "since you are apparently making so much money that you can ignore a walk-in customer ready to buy a car, I'll take my business elsewhere."
I walked out and went to another dealer and bought the car I wanted. That dealership went out of business about a year later, even though they had a popular line of cars.
I guess I wasn't the only one to walk with my dollars and feet out of there.
Good point mathemagician, Not only should the domain name registration industry get their collective acts together but any company using them should not only scrutinize their TOS contract, but get up and leave if the vulnerabilities still remain.
Hi Natalies_Mommy, It would not surprise me if Judge Chin rules in favor of Baidu and finding register.com negligent for allowing the unauthorized access and hijacking of their Internet traffic.
But in true American fashion, the court of appeals will certainly get a crack at re-trying this case and follow with a fine and a dismissal.