DRDO and PMO Websites Hacked !

LurkerBaba

Super Mod
Joined
Jul 2, 2010
Messages
7,882
Likes
8,125
Country flag
These are top level government owned sites ! And why are the Algerians behind this ?

-----

Algerian hackers carried out a successful cyber attack on a government server which hosts websites of extremely sensitive organisations and defaced websites operated by the Defence Research and Development Organisation (DRDO) and the Prime Minister's Office (PMO).

---

The most sensitive website that came under attack was the one operated by the Recruitment and Assessment Centre (RAC) of the DRDO (www.rac.gov.in/experts/Dz.php).

The RAC recruits scientists for various DRDO laboratories and also assesses the suitability of DRDO scientists for promotions. The other most important website was the one hosted by the Advisor to the Prime Minister on Public Information, Infrastructure and Innovations (http://iii.gov.in/tmp/Dz.php).

The other victim websites were: West Bengal police (http://policewb.gov.in/wbp/coounter.txt); Directorate of Estates of Ministry of Urban Development (http://gpra.nic.in/gpra/writereaddata/Dz.php), Biotechnology Industry research Assistance Council (http://birapdt.nic.in/video.Dz.php), UT of Diu (www.diu.gov.in/departments/Dz.php) and http://rciregistration.nic.in/rehabcouncil/Dz.php'.

A Hyderabad-based cyber security expert Kusumba S. told 'The Hindu' that the hacker had apparently accessed the host server and modified the root files of respective websites. "This could be dangerous because the hacker could have stolen data as he had complete access to root files," he felt.

The Hindu : News / National : DRDO website hacked
 

LurkerBaba

Super Mod
Joined
Jul 2, 2010
Messages
7,882
Likes
8,125
Country flag
I hope people realize the gravity of the situation.

These sites are under heavy scrutiny and yet someone was able to deface them !
 

Yusuf

GUARDIAN
Super Mod
Joined
Mar 24, 2009
Messages
24,324
Likes
11,757
Country flag
Why Algerian? Is this a diversionary tactic?
Paki behind this?
 

LurkerBaba

Super Mod
Joined
Jul 2, 2010
Messages
7,882
Likes
8,125
Country flag
Why Algerian? Is this a diversionary tactic?
Paki behind this?
Possible. But its pointless pondering over that.

What's important is how the ---- did such high visibility sites get hacked ?
 

SajeevJino

Long walk
Senior Member
Joined
Feb 21, 2012
Messages
6,017
Likes
3,364
Country flag
What happens Our Cyber defence Team...
Who is providing Security to these Servers...


Many more Hacking Knowledge Citizens available all over India..The Govt should find out these persons to Defend our Cyber Intels.

I think govt now educating some students to Defend our Cyber security...But Outside there are so many of them are Quite genius in Hacking...


Should the Govt think about this..



Waiting for myself
 

spikey360

Crusader
Senior Member
Joined
Jan 19, 2011
Messages
3,453
Likes
6,390
Country flag
"hacking, hacking!" you shout. Pray, do you know the difference between hacking and cracking, the thing really being done here?
Besides, what sort of attack was this? Injection attack, password compromise, redirection.. What?
Simply saying hacking is a gross generalisation.
 

Ray

The Chairman
Professional
Joined
Apr 17, 2009
Messages
43,132
Likes
23,834
Both sites hacked have nothing sensational to append.

So, it is a waste of energy of the hackers.

They have only hacked themselves!
 

SajeevJino

Long walk
Senior Member
Joined
Feb 21, 2012
Messages
6,017
Likes
3,364
Country flag
Both sites hacked have nothing sensational to append.

So, it is a waste of energy of the hackers.

They have only hacked themselves!
They Just need some Publicity
 

marshal panda

Regular Member
Joined
Dec 19, 2010
Messages
167
Likes
56
Country flag
Algerians,by themselves can not be behind the attack.Some one is using their shoulders to mount the gun.
 

chase

Tihar Jail
Banned
Joined
Aug 22, 2012
Messages
553
Likes
539
"hacking, hacking!" you shout. Pray, do you know the difference between hacking and cracking, the thing really being done here?
Besides, what sort of attack was this? Injection attack, password compromise, redirection.. What?
Simply saying hacking is a gross generalisation.
Since the website was hacked because of the comprised server.......it was definately a problem from the server side.The server company didn't had the required security.
IMO all government websites should use dedicated government servers protected by specially hired engineers.
 

spikey360

Crusader
Senior Member
Joined
Jan 19, 2011
Messages
3,453
Likes
6,390
Country flag
Since the website was hacked because of the comprised server.......it was definately a problem from the server side.The server company didn't had the required security.
IMO all government websites should use dedicated government servers protected by specially hired engineers.
Compromised server, eh? Ah. So that means, the cracker cracked the password and eventually got control of the root account. Something similar is said in the post as well
the hacker
had apparently accessed the host server and
modified the root files of respective websites.
"This could be dangerous because the hacker
could have stolen data as he had complete
access to root files," he felt
This is dangerous indeed. He might also now have the access to others computer on the same network, which is worse.
One aspect of government websites which I find odd is that they do not host their sites in-house. Most of the times, the job is given to a private company. Often, these companies do not have adequate security configurations that a government site should have. This is appalling.
I absolutely agree with you on the last part.
 

cloud_9

Regular Member
Joined
Sep 18, 2012
Messages
768
Likes
697
Country flag
Sensitive information :facepalm: Why would DRDO keep their sensitive information on a web hosting server anyone who has worked in a research environment knows that the research facilities are always isolated from the internet :violin:

And PMO website server's were probably loaded with these kind of pictures :rofl:

 

Daredevil

On Vacation!
Super Mod
Joined
Apr 5, 2009
Messages
11,615
Likes
5,772
I'm sure the server is managed by Indian government. But the server security is not hardened or there are many loop holes in the website security. The process of accessing root of the website/server through loop holes in the website is called "rooting". A lot of hackers do this rooting to get access to servers and use them as botnets. So, the government should harden both the server and the website and leave no hole open for injection attack or anything else.
 

LurkerBaba

Super Mod
Joined
Jul 2, 2010
Messages
7,882
Likes
8,125
Country flag
I'm sure the server is managed by Indian government. But the server security is not hardened or there are many loop holes in the website security. The process of accessing root of the website/server through loop holes in the website is called "rooting". A lot of hackers do this rooting to get access to servers and use them as botnets. So, the government should harden both the server and the website and leave no hole open for injection attack or anything else.
I think the people at NIC know what hardening etc is. These guys are professionals
 

nrj

Ambassador
Joined
Nov 16, 2009
Messages
9,658
Likes
3,911
Country flag
There are literally dozens of apache loopholes discovered every passing day. You have to patch them promptly or any 16 yr old kid will put cartoons on your websites.

Incident is embarrassing.
 

Spindrift

Senior Member
Joined
Nov 29, 2011
Messages
2,629
Likes
8,542
I think the people at NIC know what hardening etc is. These guys are professionals
Problem is that the majority of the work is out sourced by NIC..... secondly, the "professionals" at the NIC are just typical bureaucrats... you can not and should not expect much from them..
 

Latest Replies

Global Defence

New threads

Articles

Top