Completely coincidentally, we came across Greenberg Traurig’s unfortunate result in a dispute between two piracy* websites on the same day we ran into another, much higher-profile and better-represented domain dispute.
* As caveated in that post
This one features Paul Weiss and Gibson Dunn.
Details after the jump (including a good example you can use when someone asks you what gross negligence is).
Baidu is the Google of China, to use the common metaphor. It’s actually blowing Google away for search in China, but you get the picture. It’s huge.
Register.com is one of the world’s largest domain registrars. It handles the registration and mapping of millions of domain names.
A not particularly sophisticated, but very lucky hacker set his sights on Baidu. He was able to dupe a Register.com agent into giving him access to the Baidu account, which he used to redirect the Baidu domain name to another site. Baidu was effectively down for five hours and took two days to recover.
Baidu, of course, sued for a whole host of losses, and Register.com moved to dismiss, which was denied in large part.
How did the hacker get the access?
The attack was allegedly made possible when a person pretending to be with Baidu called tech support through an internet chat service at Register.com and asked to change an e-mail address on file for Baidu.
The intruder gave the incorrect answer when asked to provide security verification, but was e-mailed a security code anyway. The tech support representative then asked to have the security code repeated back through the chat service and the intruder responded with a different, and inaccurate, code.
But the Register.com representative did not compare the two codes and went on to change the e-mail address, which gave the intruder the chance to access Baidu’s account with Register.com. Once the intruder used the automatic “forgot password” function in response to a request from Register.com for Baidu’s name and password, the intruder went on to reroute the internet traffic.
The part we found particularly hilarious is that actual employees of Baidu then called Register.com and were completely unable to get as much help as the hacker who knew nothing got in the chat room.
Quite a few of the claims were thrown out, but the gross negligence, recklessness, and breach of contract will be allowed to proceed.
Carey Ramos (Yale BA ’76, Stanford JD ’79) and Marc Falcone (Columbia BA ’80, Chicago JD ’83) of Paul, Weiss represent Baidu.
Orin Snyder (Wesleyan BA ’83, Penn JD ’86) and Alexander Southwell (Princeton BA ’93, NYU JD ’97) of Gibson Dunn represent Register.com.
Related posts:
