Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad.
This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns.
Security pen-testers who go by the name Kapustkiy and Kasimierz have claimed responsibility for the hack and told The Hacker News that the reason behind the hack was to force administrators to consider the cyber security of their websites seriously.
In Pastebin link shared on their Twitter account, the hackers claimed to have hijacked Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians, including students studying abroad.
"We did it because their security was poor, and several domains related to the Indian Embassy had the same vulnerability. This proves that a lot of people can not trust the "Embassy." We hope that this problem will be fixed in the future." hackers told The Hacker News via email.
"We did not do it for the lulz or something, but we did just for them to pay attention to the issues with their crucial websites. Also, we did not leak anything like their real address, city or zip code, which is available in the database." The leaked data shows that the targeted websites are so insecure that even user and admin passwords are also stored in plaintext without any hashing mechanism.
Is India Prepared for Cyber Attacks?
this is not just the first time when hackers have targeted Indian embassies. In the month of June, seven other High Commission websites in Tajikistan, Romania, Greece, Turkey, Mexico, Sao Paolo and Pretoria were hacked and defaced by Pakistani hackers.
However, it seems like the Indian government did not take the incident as a lesson to tighten the security of its critical infrastructure that is all time favorite target of black hat and nation-state actors and could put nation’s security at risk.Since past two and a half years, from when Narender Modi has come into power as Prime Minister, we have heard so much about Digital India Programme – an initiative championed by Government of India that aims at making all government services electronically available as well as providing high-speed Internet connectivity nationwide.
The Department of Telecommunications has stated multiple times that the Indian government is very serious about the cyber security threats and is taking all the necessary initiatives in this direction.
The initiative also includes vision to broaden digital infrastructure in the country with new technologies, but so far we have not seen any ground level initiative to tighten up the security of at least websites that represent various crucial government departments, agencies, services, and programs.
Not convinced yet? Let me put some stats to make my point clear.
A report from cyber security company FireEye found that 38% of organizations in India were exposed to targeted advanced persistent attacks in the first half of 2015, that's 23% increase from the previous report."India is fast becoming a strategic target, in part because of the potentially sensitive information that is expected to be digitized through ambitious and high-profile projects such as Digital India," the report stated.
Last year, an annual report from CERT-In noted that over 26,244 India websites were hacked, which includes hundreds of government websites.Also, more than 35 Indian central and state government websites have recently been hacked by Pakistani hackers after India did surgical strikes across the Line of Control (LoC), Economic Times reports.
Another survey says that cyber crime incidences in India have drastically jumped in past year, with 72% companies in the country falling victim to online attacks.
So far we haven't completely tackled security of our websites and a stream of Internet of Things (IoT) cyber attacks have dramatically increased the threat landscape in past few months only, which should be addressed immediately.
This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns.
Security pen-testers who go by the name Kapustkiy and Kasimierz have claimed responsibility for the hack and told The Hacker News that the reason behind the hack was to force administrators to consider the cyber security of their websites seriously.
In Pastebin link shared on their Twitter account, the hackers claimed to have hijacked Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians, including students studying abroad.
The pair exploited a simple vulnerability in the targeted websites in an effort to gain unauthorized access to the databases.The Hacker News team has analyzed those hacked sites and found they are vulnerable to SQL Injection vulnerability that allows an attacker to inject malicious SQL commands (payloads) to the web application and steal database containing sensitive information.
"We did it because their security was poor, and several domains related to the Indian Embassy had the same vulnerability. This proves that a lot of people can not trust the "Embassy." We hope that this problem will be fixed in the future." hackers told The Hacker News via email.
"We did not do it for the lulz or something, but we did just for them to pay attention to the issues with their crucial websites. Also, we did not leak anything like their real address, city or zip code, which is available in the database." The leaked data shows that the targeted websites are so insecure that even user and admin passwords are also stored in plaintext without any hashing mechanism.
Is India Prepared for Cyber Attacks?
this is not just the first time when hackers have targeted Indian embassies. In the month of June, seven other High Commission websites in Tajikistan, Romania, Greece, Turkey, Mexico, Sao Paolo and Pretoria were hacked and defaced by Pakistani hackers.
However, it seems like the Indian government did not take the incident as a lesson to tighten the security of its critical infrastructure that is all time favorite target of black hat and nation-state actors and could put nation’s security at risk.Since past two and a half years, from when Narender Modi has come into power as Prime Minister, we have heard so much about Digital India Programme – an initiative championed by Government of India that aims at making all government services electronically available as well as providing high-speed Internet connectivity nationwide.
The Department of Telecommunications has stated multiple times that the Indian government is very serious about the cyber security threats and is taking all the necessary initiatives in this direction.
The initiative also includes vision to broaden digital infrastructure in the country with new technologies, but so far we have not seen any ground level initiative to tighten up the security of at least websites that represent various crucial government departments, agencies, services, and programs.
Not convinced yet? Let me put some stats to make my point clear.
A report from cyber security company FireEye found that 38% of organizations in India were exposed to targeted advanced persistent attacks in the first half of 2015, that's 23% increase from the previous report."India is fast becoming a strategic target, in part because of the potentially sensitive information that is expected to be digitized through ambitious and high-profile projects such as Digital India," the report stated.
Last year, an annual report from CERT-In noted that over 26,244 India websites were hacked, which includes hundreds of government websites.Also, more than 35 Indian central and state government websites have recently been hacked by Pakistani hackers after India did surgical strikes across the Line of Control (LoC), Economic Times reports.
Another survey says that cyber crime incidences in India have drastically jumped in past year, with 72% companies in the country falling victim to online attacks.
So far we haven't completely tackled security of our websites and a stream of Internet of Things (IoT) cyber attacks have dramatically increased the threat landscape in past few months only, which should be addressed immediately.
WeHackForTruth (@) protonmail (.com) are the experts that helped me effectively spy on my cheating spouse.
ReplyDeleteHACK SOCIAL MEDIA (IG, Snapchat, TikTok)
WEHACKFORTRUTH@protonmail(.com) are a team of professionals that can help you hack into any social media account and read private messages. We can give you access for any accounts of your boyfriend, wife/husband, cheating spouse or children. You can view their chats, activity and passwords. Just send a message describing your needs.
BITCOIN RECOVERY IS REAL!!! ( MorrisGray830 At gmail Dot Com, is the man for the job ) This man is dedicated to his work and you can trust him more than yourself. I contacted him a year and a half Ago and he didn't succeed. when i got ripped of $491,000 worth of bitcoins by scammers, I tried several recovery programs with no success too. I kept on. And now after so much time Mr Morris Gray contacted me with a success, and the reward he took was small because obviously he is doing this because he wants to help persons like me who fell for crypto scam, and love his job. Of course he could have taken all the coins and not tell me , I was not syncing this wallet for a year, but he didn't. He is the MAN guys , He is! If you have been a victim of crypto scam before you can trust Morris Gray 10000000%. I thought there were no such good genuine guys anymore on earth, but Mr Morris Gray brought my trust to humanity again. GOD bless you sir...you can reach him via ( MORRIS GRAY 830 at Gmaill dot com ) or Whatsapp +1 (607)698-0239..
ReplyDelete