DRDO and PMO Websites Hacked !

Discussion in 'Strategic Forces' started by LurkerBaba, Nov 1, 2012.

  1. LurkerBaba

    LurkerBaba Staff Administrator

    Joined:
    Jul 2, 2010
    Messages:
    6,769
    Likes Received:
    3,678
    Location:
    India
    These are top level government owned sites ! And why are the Algerians behind this ?

    -----

    Algerian hackers carried out a successful cyber attack on a government server which hosts websites of extremely sensitive organisations and defaced websites operated by the Defence Research and Development Organisation (DRDO) and the Prime Minister’s Office (PMO).

    ---
    [​IMG]
    The most sensitive website that came under attack was the one operated by the Recruitment and Assessment Centre (RAC) of the DRDO (www.rac.gov.in/experts/Dz.php).

    The RAC recruits scientists for various DRDO laboratories and also assesses the suitability of DRDO scientists for promotions. The other most important website was the one hosted by the Advisor to the Prime Minister on Public Information, Infrastructure and Innovations (http://iii.gov.in/tmp/Dz.php).

    The other victim websites were: West Bengal police (http://policewb.gov.in/wbp/coounter.txt); Directorate of Estates of Ministry of Urban Development (http://gpra.nic.in/gpra/writereaddata/Dz.php), Biotechnology Industry research Assistance Council (http://birapdt.nic.in/video.Dz.php), UT of Diu (www.diu.gov.in/departments/Dz.php) and http://rciregistration.nic.in/rehabcouncil/Dz.php’.

    A Hyderabad-based cyber security expert Kusumba S. told ‘The Hindu’ that the hacker had apparently accessed the host server and modified the root files of respective websites. “This could be dangerous because the hacker could have stolen data as he had complete access to root files,” he felt.

    The Hindu : News / National : DRDO website hacked
     
  2.  
  3. LurkerBaba

    LurkerBaba Staff Administrator

    Joined:
    Jul 2, 2010
    Messages:
    6,769
    Likes Received:
    3,678
    Location:
    India
    I hope people realize the gravity of the situation.

    These sites are under heavy scrutiny and yet someone was able to deface them !
     
  4. Yusuf

    Yusuf GUARDIAN Administrator

    Joined:
    Mar 24, 2009
    Messages:
    24,274
    Likes Received:
    11,280
    Location:
    BANGalore
    Why Algerian? Is this a diversionary tactic?
    Paki behind this?
     
  5. LurkerBaba

    LurkerBaba Staff Administrator

    Joined:
    Jul 2, 2010
    Messages:
    6,769
    Likes Received:
    3,678
    Location:
    India
    Possible. But its pointless pondering over that.

    What's important is how the ---- did such high visibility sites get hacked ?
     
  6. SajeevJino

    SajeevJino Long walk Elite Member

    Joined:
    Feb 21, 2012
    Messages:
    5,654
    Likes Received:
    3,032
    Location:
    Inside a Cage
    What happens Our Cyber defence Team...
    Who is providing Security to these Servers...


    Many more Hacking Knowledge Citizens available all over India..The Govt should find out these persons to Defend our Cyber Intels.

    I think govt now educating some students to Defend our Cyber security...But Outside there are so many of them are Quite genius in Hacking...


    Should the Govt think about this..



    Waiting for myself
     
    sayareakd likes this.
  7. spikey360

    spikey360 Crusader Senior Member

    Joined:
    Jan 19, 2011
    Messages:
    2,285
    Likes Received:
    2,116
    Location:
    The Republic of India
    "hacking, hacking!" you shout. Pray, do you know the difference between hacking and cracking, the thing really being done here?
    Besides, what sort of attack was this? Injection attack, password compromise, redirection.. What?
    Simply saying hacking is a gross generalisation.
     
    The Messiah and Sridhar like this.
  8. Ray

    Ray The Chairman Defence Professionals Moderator

    Joined:
    Apr 17, 2009
    Messages:
    43,118
    Likes Received:
    23,543
    Location:
    Somewhere
    Both sites hacked have nothing sensational to append.

    So, it is a waste of energy of the hackers.

    They have only hacked themselves!
     
  9. SajeevJino

    SajeevJino Long walk Elite Member

    Joined:
    Feb 21, 2012
    Messages:
    5,654
    Likes Received:
    3,032
    Location:
    Inside a Cage
    They Just need some Publicity
     
  10. marshal panda

    marshal panda Regular Member

    Joined:
    Dec 19, 2010
    Messages:
    163
    Likes Received:
    44
    Algerians,by themselves can not be behind the attack.Some one is using their shoulders to mount the gun.
     
  11. chase

    chase Tihar Jail Banned

    Joined:
    Aug 22, 2012
    Messages:
    553
    Likes Received:
    536
    Since the website was hacked because of the comprised server.......it was definately a problem from the server side.The server company didn't had the required security.
    IMO all government websites should use dedicated government servers protected by specially hired engineers.
     
  12. spikey360

    spikey360 Crusader Senior Member

    Joined:
    Jan 19, 2011
    Messages:
    2,285
    Likes Received:
    2,116
    Location:
    The Republic of India
    Compromised server, eh? Ah. So that means, the cracker cracked the password and eventually got control of the root account. Something similar is said in the post as well
    This is dangerous indeed. He might also now have the access to others computer on the same network, which is worse.
    One aspect of government websites which I find odd is that they do not host their sites in-house. Most of the times, the job is given to a private company. Often, these companies do not have adequate security configurations that a government site should have. This is appalling.
    I absolutely agree with you on the last part.
     
  13. cloud_9

    cloud_9 Regular Member

    Joined:
    Sep 18, 2012
    Messages:
    765
    Likes Received:
    690
    Location:
    Roaring Forties
    Sensitive information :facepalm: Why would DRDO keep their sensitive information on a web hosting server anyone who has worked in a research environment knows that the research facilities are always isolated from the internet :violin:

    And PMO website server's were probably loaded with these kind of pictures :rofl:

    [​IMG]
     
  14. Daredevil

    Daredevil On Vacation! Administrator

    Joined:
    Apr 5, 2009
    Messages:
    11,613
    Likes Received:
    5,670
    I'm sure the server is managed by Indian government. But the server security is not hardened or there are many loop holes in the website security. The process of accessing root of the website/server through loop holes in the website is called "rooting". A lot of hackers do this rooting to get access to servers and use them as botnets. So, the government should harden both the server and the website and leave no hole open for injection attack or anything else.
     
  15. LurkerBaba

    LurkerBaba Staff Administrator

    Joined:
    Jul 2, 2010
    Messages:
    6,769
    Likes Received:
    3,678
    Location:
    India
    I think the people at NIC know what hardening etc is. These guys are professionals
     
  16. nrj

    nrj Stars and Ambassadors Stars and Ambassadors

    Joined:
    Nov 16, 2009
    Messages:
    9,252
    Likes Received:
    3,347
    Location:
    Brussels
    There are literally dozens of apache loopholes discovered every passing day. You have to patch them promptly or any 16 yr old kid will put cartoons on your websites.

    Incident is embarrassing.
     
  17. Spindrift

    Spindrift Regular Member

    Joined:
    Nov 29, 2011
    Messages:
    307
    Likes Received:
    175
    Problem is that the majority of the work is out sourced by NIC..... secondly, the "professionals" at the NIC are just typical bureaucrats... you can not and should not expect much from them..
     

Share This Page