BreachExchange mailing list archives
India: 7 embassy websites hacked, data released online
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 8 Nov 2016 17:27:19 -0700
http://techwireasia.com/2016/11/india-embassy-websites-hacked-data/ THE websites of seven Indian embassies in Europe and Africa have been hacked and the data gleaned from them released online, as officials work to restore the sites and control the damage. According to the Associated Press, the Indian embassies in Italy, Switzerland, South Africa, Libya, Malawi, Mali, and Romania had their websites breached by hackers, who have identified themselves only as Kaputsky and Kasimierz L. External Affairs Ministry spokesman Vikas Swarup told reporters on Tuesday that officials are aware and are trying to rectify the problem. The hackers released information on some embassy staff members online, including names, email addresses, phone numbers, and passport numbers. Officials are attempting to track their IP addresses. Kaputsky was quoted telling the Hindustan Times: “We did it because their security was poor and as the Indian Embassy, they need to have better security.” He added that the websites were so vulnerable, “a six-year-old could breach it”. The specific vulnerability Kaputsky pointed out is an SWL vulnerability, which allows hackers to insert malicious content into the website’s database using forms already existing on the website. They could also do so via the website code or email, and once the malware is in, the hacker has unobstructed access. The Hindustan Times reports that the hackers claimed they were under 18 years of age and from the Netherlands.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- India: 7 embassy websites hacked, data released online Audrey McNeil (Nov 09)