Over 1,000 govt sites hacked since 2009

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://timesofindia.indiatimes.com/india/Over-1000-govt-sites-hacked-since-2009/articleshow/21889287.cms

MUMBAI: The MTNL Mumbai portal on Thursday night became one of the
1,300-odd websites run by the government or allied agencies that have
been hacked into since 2009.

Cyber expert Vijay Mukhi blames the situation on a lack of awareness
and the tight-fisted attitude of government departments and public
sector agencies when it comes to cyber technology upgrades and
security.

"We really don't understand why government departments do not spend a
little money on securing the country's vital data," he said. "This
laxity is making the country's cyberspace vulnerable to intruders."

The MTNL site was defaced by self-proclaimed Pakistani hackers around
Thursday midnight. The MTNL website was disrupted by a hacking group
last year as well.

MTNL executive director Piyush Agrawal on Saturday ruled out any
laxity in securing the website. Agrawal said MTNL periodically trained
network maintenance staff through professional network security
companies.

MTNL claims that only the webpage and server logs-files created by the
server of the activities performed by it-were damaged, but cyber
experts do not rule out the possibility of hackers having obtained
subscribers' addresses, phone numbers and other data.

Mukhi said that though he did not know what kind of damage the hacking
had caused, the possibility of hackers entering the MTNL computer
network and internal antennae to access call and billing data could
not be ruled out.

"They (hackers) can stop Mumbai's phone network and know who called
whom," Mukhi said. "They can reduce or hike the bills too. They can
delete software that ran the network. If you remember, an
American-Israeli virus had put Iran's nuclear programme back by a
couple of years."

Following a complaint lodged by MTNL, the crime branch at Fort
registered an FIR and police officers visited the MTNL server office
on Saturday. The MTNL Mumbai server was frozen and shifted to a
forensic lab.

In the next few days, investigators are expected to consolidate
details to know whether the hackers hailed from within the country or
did their mischief from beyond the borders.

Investigators also hope to know from the server which data was
accessed or damaged.

Besides the cyber police, three more teams have been deployed for
separate investigations.

These three teams are drawn from a professional network security
agency, MTNL experts, and the Computer Emergency Response Team (CERT),
Delhi.

"Investigations by these teams will also help us formulate guidelines
to secure servers so that such incidents are not repeated in the
future," Agrawal said.

MTNL does not have as many cellphone users as other service providers,
but it is the dominant player in the broadband and landline telephony
market.

In 2010, 2011 and 2012, the number of websites of various ministries
and government departments that were hacked into was 303, 308 and 419,
respectively.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.