Chinese hackers breach DRDO security, steal thousands of secret files

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://english.samaylive.com/nation-news/676525806/chinese-hackers-breach-drdo-security-steal-thousands-of-secret-files.html

The official website of Defence Research and Development Organisation
(DRDO) once again came under the cyber attack unleashed by the Chinese
hackers.


According to the Mumbai newspaper DNA, Chinese hackers breached the
security of DRDO website and accessed thousands of top secret files.

As par the report, the top secret files related to Cabinet Committee
on Security have been uploaded on a server based in Guangdong.

The report claims that this is the biggest security breach in the
Indian defence establishment.

The hacking incident came to the fore in the first week of this month
when officials from India's technical intelligence wing, National
Technical Research Organisation (NTRO), along with private Indian
cyber security experts cracked open a file called "army cyber policy".

The DNA report claimed that the file was found attacked to hacked
email accounts of senior DRDO officials that quickly spread through
the system in a matter of seconds.

Later, the NTRO found that all the sensitive files stolen from the
infected systems were being uploaded on a server in Guangdong province
of China.

For the first time, Indian cyber intelligence team has successfully
tracked the hacking location.

Indian cyber security experts discovered thousands of top secret CCS
files, and other documents related to surface-to-air missile and radar
programmes from DRDL, a DRDO lab based in Hyderabad, among many other
establishments.

Even the e-tickets of DRDO scientists who had travelled to Delhi in
February were found on the server.

Intelligence officials also discovered documents of deals struck
between DRDO and Bharat Dyamics Ltd, a defence PSU which makes
strategic missiles and components.

Other recovered files related to price negotiations with MBDA, a
French missile manufacturing company.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.