BreachExchange mailing list archives
Over 1,000 govt sites hacked since 2009
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Sat, 17 Aug 2013 19:06:27 -0600
http://timesofindia.indiatimes.com/india/Over-1000-govt-sites-hacked-since-2009/articleshow/21889287.cms MUMBAI: The MTNL Mumbai portal on Thursday night became one of the 1,300-odd websites run by the government or allied agencies that have been hacked into since 2009. Cyber expert Vijay Mukhi blames the situation on a lack of awareness and the tight-fisted attitude of government departments and public sector agencies when it comes to cyber technology upgrades and security. "We really don't understand why government departments do not spend a little money on securing the country's vital data," he said. "This laxity is making the country's cyberspace vulnerable to intruders." The MTNL site was defaced by self-proclaimed Pakistani hackers around Thursday midnight. The MTNL website was disrupted by a hacking group last year as well. MTNL executive director Piyush Agrawal on Saturday ruled out any laxity in securing the website. Agrawal said MTNL periodically trained network maintenance staff through professional network security companies. MTNL claims that only the webpage and server logs-files created by the server of the activities performed by it-were damaged, but cyber experts do not rule out the possibility of hackers having obtained subscribers' addresses, phone numbers and other data. Mukhi said that though he did not know what kind of damage the hacking had caused, the possibility of hackers entering the MTNL computer network and internal antennae to access call and billing data could not be ruled out. "They (hackers) can stop Mumbai's phone network and know who called whom," Mukhi said. "They can reduce or hike the bills too. They can delete software that ran the network. If you remember, an American-Israeli virus had put Iran's nuclear programme back by a couple of years." Following a complaint lodged by MTNL, the crime branch at Fort registered an FIR and police officers visited the MTNL server office on Saturday. The MTNL Mumbai server was frozen and shifted to a forensic lab. In the next few days, investigators are expected to consolidate details to know whether the hackers hailed from within the country or did their mischief from beyond the borders. Investigators also hope to know from the server which data was accessed or damaged. Besides the cyber police, three more teams have been deployed for separate investigations. These three teams are drawn from a professional network security agency, MTNL experts, and the Computer Emergency Response Team (CERT), Delhi. "Investigations by these teams will also help us formulate guidelines to secure servers so that such incidents are not repeated in the future," Agrawal said. MTNL does not have as many cellphone users as other service providers, but it is the dominant player in the broadband and landline telephony market. In 2010, 2011 and 2012, the number of websites of various ministries and government departments that were hacked into was 303, 308 and 419, respectively. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Over 1,000 govt sites hacked since 2009 Audrey McNeil (Aug 20)