Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

India: 112 government sites hacked in 3 months

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 19 Mar 2012 01:32:38 -0500 (CDT)
https://www.zdnet.com/blog/security/india-112-government-sites-hacked-in-3-months/10915

By Emil Protalinski
Zero Day
March 18, 2012
112 Indian government websites were hacked in the last three months, according to Sachin Pilot, Minister of State for Communications and IT. The hacked websites were part of government agencies belonging to Andhra Pradesh, Madhya Pradesh, Rajasthan, Tamil Nadu, Maharashtra, Gujarat, Kerala, Orissa, Uttar Pradesh, Sikkim, and Manipur. Also included were the Ministry of Finance, Health, Planning Commission, and Human Resource Development, according to India Times.
The website of state-owned telecom operator Bharat Sanchar Nigam Limited (BSNL) was attacked for the fourth time on December 4, by a Pakistani hacker group called “H4tr!ck.” In fact, at least 22 websites under the Rajasthan state government were destroyed by hackers, mostly from Pakistan, in February. They deleted or stole data from the various sites of important departments including technical education, college education and finance, according to sources cited by India Times.
State government websites have very poor security practices. For example, most government websites in Rajasthan run on single server. This means if a hacker exploits a single vulnerability in any of the websites, he or she can compromise the other websites as well by taking control of the whole server. To make matters worse, when data is deleted, backups are simply uploaded back to website. Given that the sites are attacked again and again, it would appear that nothing is being done to actually fix the security issues. 

[...]


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill .  It's that easy.
http://www.expandingsecurity.com/PainPill
Previous By Date Next
Previous By Thread Next

Current thread: