The databases of the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya were leaked online by two grey hat hackers from Pakistan.
Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad.
Websites of the Indian embassy in up to seven countries were vandalised by pro-Pakistani hackers “Intruder” and “Romantic.” The home page of the hacked websites was defaced with pro-Pakistani messages warning India. However, currently all the websites are up and running, except that of the Indian embassy of Tajikistan.
The websites had an image of a person in a red and black hooded jacket, with a warning message: “Intruder Here. You got hacked,” reported the New Indian Express.
This is not the first time a website of Indian origin has been hacked. Last year in May, one of India’s popular websites, [gaana.com], was also hacked by someone who goes by the name Mak Man. The identity of the hacker was later discovered and, surprisingly, the hacker turned out to be from Pakistan and based in Lahore.
In a fresh incident of hacking, the hackers who call themselves ‘Intruder’ and ‘Romantic’ have posted the following messages on the hacked websites:
“Embassy of India in Dushanbe, Tajikistan Has Been OWNED, Hey Indian Government, Do not Mess With Us Pakistan Army Zindabad, Aata Majhi Satakli? Do not Be Panic We Rock And U Shock Salute to Pakistan Army! Pakistan Zindabad! Feel The Power of Pakistan”
Following is the list of 7 Indian embassy websites that were hacked:
1. Embassy of India in Athens, Greece
2. Consulate General of India, Sao Paulo, Brazil
3. Embassy of India in Bucharest, Romania
4. Embassy of India in Ankara, Turkey
5. Embassy of India to Mexico
6. High Commission of India, Pretoria, South Africa
7. Embassy of India Dushanbe, Tajikistan
The hackers also left a message on the front page of the website that read:
“Hey Indian Government, Don’t Mess With Us Pakistan Army Zindabad Aata Majhi Satakli ? Don’t Be Panic We Rock And U Shock Salute To Pakistan Army Pakistan Zindabad! Feel The Power of Pakistan ! !! Greetz -: R”
The pair exploited a simple vulnerability in the targeted websites in an effort to gain unauthorized access to the databases. The hacked sites were found to be vulnerable to SQL injection, a flaw that allows an attacker to inject malicious SQL commands (payloads) into the web application and steal databases containing sensitive information.
They breached a total of 7 databases containing names, surnames, email addresses and telephone numbers.
The duo leaked online the content of the hacked databases. The data are available on Pastebin at the following URL
The leaked data shows that the targeted websites are so insecure that even user and admin passwords are stored in plaintext, without any hashing mechanism.
The Indian Computer Emergency Response Team (CERT-In) is the nodal agency under the Ministry of Communications and Information Technology that is tasked to deal with cyber security threats like hacking and phishing. Last year, CERT-In’s annual report noted that over 26,244 websites in India (18,403 websites with the .in domain) were defaced by hackers.
A report from cyber security company FireEye found that 38% of organizations in India were exposed to targeted advanced persistent attacks in the first half of 2015, a 23% increase from the previous report.
These are quite common practices between the two rival nations, since there have been constant attacks from both sides of the border since at least 1998. Recently, Indian hackers defaced Lahore High Court’s website twice in a row, while Pakistani hackers attacked NIT Raipur’s website. Hope Indian hackers hit back soon.
Interestingly, CERT-In’s 2013 analysis found that “Romantic” and “Intruder” had figured in the list of top cyberattackers against India.
All the websites are down a few hours after the data leaks. The data appears to be legitimate.
Apart from the Indian embassy in Dushanbe in Tajikistan, the rest of the affected websites are back and running.