CBI website hacked by PCA is still offline

rizwan78

Regular Member
Joined
Aug 7, 2009
Messages
303
Likes
122
Country flag
:angry_10:
http://www.thehindu.com/sci-tech/internet/article970566.ece
Websites on the vulnerability list include that of National Archives, the Jammu and Kashmir government and Manipur government's Home Ministry.

The recent hacking of the Central Bureau of Investigation's website by the so-called "Pak cyber army" has exposed gaping holes in the hosting of some important government websites. It is now official that at least 280 government websites, including that of the Navy, Supreme Court, High Courts of Bombay, Punjab and Haryana, Planning Commission, are "highly vulnerable" to such cyber attacks.

Government sources told The Hindu that the National Informatics Centre (NIC) under the Department of Information Technology has found that around 280 websites of Central and State government agencies and organisations, hosted by it, are highly vulnerable to cyber attacks as they lack proper cyber security protocols. The NIC is reviewing security aspects of over 5,000 websites and portals.

Vulnerability list

Websites of other important government departments and organisations on the vulnerability list include that of National Archives, which is the repository of all non-current records of the Indian Government, the Jammu and Kashmir government, Orissa government's Right to Information portal, and Manipur government's Home Ministry. The websites of two important organisations – Food Corporation of India and National Fertilizers Ltd – are also under threat of cyber attacks.

Department of Information Technology Secretary S.K. Sharma has directed NIC Director-General B.K. Gairola not to host any website which does not possess a security audit certificate from IT security auditors. These 280 government organisations have been asked to get their websites audited by December 31, 2010; else the hosting of their websites would be stopped.

Notably, the CBI website, which was hacked on December 3, 2010, and is still not online, had not conducted security audit since 2007, making it a soft target for hackers.

When contacted, Minister of State for Communications and IT Sachin Pilot said: "We have now made security certificate mandatory for all websites being hosted by NIC. Government departments or agencies can get their website certified by 50 auditors empanelled by NIC. We have asked all ministries, departments and public sector enterprises at both Central and State government levels to step up their cyber security efforts to avert any kind of hacking or attacks."

Mr. Pilot — who recently held a meeting with officers of the Department of Information Technology, Ministry of Home Affairs, Indian Computer Emergency Response Team (CERT-In) and NIC — further said they have decided to hold regular audits of all websites with respect to quality and security, prior to the hosting.

"I have stressed the need to enhance the security of the websites in particular and cyber space in general. There has been a quantum jump in the number of Indian websites, from 1.7-lakh in 2005 to about 1 crore now. This has necessitated that all government agencies should pay close attention to cyber security guidelines followed by them. We are ready with comprehensive crisis management plan prescribed by CERT-In to prevent and deal with attacks on websites," Mr. Pilot added.
 

maomao

Veteran Hunter of Maleecha
Senior Member
Joined
Apr 7, 2010
Messages
5,033
Likes
8,354
Country flag
Rizwan beta, for almost every Indian site there are atleast 100 pakistani sites gets hacked.....don't act smart because you are definitely:happy_2: not!!
 

rizwan78

Regular Member
Joined
Aug 7, 2009
Messages
303
Likes
122
Country flag
Rizwan beta, for almost every Indian site there are atleast 100 pakistani sites gets hacked.....don't act smart because you are definitely:happy_2: not!!
Momao beta, web hacking is not a big case but the site remain hacked is most concerning........ is not it ? ..........
 

Flint

Senior Member
Joined
Mar 10, 2009
Messages
1,622
Likes
163
Is any essential business conducted through these websites? I doubt it. They will improve their security over time, but it's hardly a national crisis. Though it is embarrassing.

As long as the actual functioning is not being impeded, or highly sensitive information is not being leaked it's okay
 

Oracle

New Member
Joined
Mar 31, 2010
Messages
8,120
Likes
1,566
We still believe in kagaj, kalam. Most of the sensitive documents are kept offline i.e. not wired to the world. And as fas as CBI website not being up till date, something big is going on behind the scenes, like massive upgradation and security patching. Or maybe setting up a honey pot.
 

divya

Regular Member
Joined
Dec 16, 2010
Messages
188
Likes
3
Momao beta, web hacking is not a big case but the site remain hacked is most concerning........ is not it ? ..........
Lol do you know abcd of hacking. In order to hack the site first it will be needed to rooted. so once rooted our guys wont have access to the root that means we cannot bring down the site. since it is down that means that the hack is over and they are doing upgrades into the site.

As far as hacking is concerned....Here is the list of your 880 websites which got hacked after that by ICA

http://pastie.org/private/dzc4skukr0vnveujhijo7a


oops this news of today morning

http://www.thehackernews.com/2010/1...sNews+(The+Hackers+News)&utm_content=FaceBook
 
Last edited:

maomao

Veteran Hunter of Maleecha
Senior Member
Joined
Apr 7, 2010
Messages
5,033
Likes
8,354
Country flag
Momao beta, web hacking is not a big case but the site remain hacked is most concerning........ is not it ? ..........

Nadan Batche, defacing is not Hacking....taking away Data is what matters......that you people cannot even dream of......:happy_2:
 

divya

Regular Member
Joined
Dec 16, 2010
Messages
188
Likes
3
Nadan Batche, defacing is not Hacking....taking away Data is what matters......that you people cannot even dream of......:happy_2:
As far i have my sources say we had completely rooted their PTC server where all their government sites are hosted. so at any point of time we can bring them down. But alas i dont have links to proove that.

At the same time CBI site was hacked by SQL injection attack which hardly had any security installed towards it. it was not a big deal. They were just able to upload their own pages and nothing else. They were not even able to deface the existing pages as they did not had access to them
 

Virendra

Ambassador
Joined
Oct 16, 2010
Messages
4,697
Likes
3,041
Country flag
As far i have my sources say we had completely rooted their PTC server where all their government sites are hosted. so at any point of time we can bring them down. But alas i dont have links to proove that.

At the same time CBI site was hacked by SQL injection attack which hardly had any security installed towards it. it was not a big deal. They were just able to upload their own pages and nothing else. They were not even able to deface the existing pages as they did not had access to them
I read it on some forum here only that these were not actual hacks. The content/data of the site is safe, what happened was merely a redirect to a different bogus page. Like you send someone to a wrong address doesn't mean that you infiltrated the correct address.
 

Latest Replies

Global Defence

New threads

Articles

Top