[BreachExchange] India: 7 embassy websites hacked, data released online

[Audrey McNeil]

http://techwireasia.com/2016/11/india-embassy-websites-hacked-data/

THE websites of seven Indian embassies in Europe and Africa have been
hacked and the data gleaned from them released online, as officials work to
restore the sites and control the damage.

According to the Associated Press, the Indian embassies in Italy,
Switzerland, South Africa, Libya, Malawi, Mali, and Romania had their
websites breached by hackers, who have identified themselves only as
Kaputsky and Kasimierz L.

External Affairs Ministry spokesman Vikas Swarup told reporters on Tuesday
that officials are aware and are trying to rectify the problem.

The hackers released information on some embassy staff members online,
including names, email addresses, phone numbers, and passport numbers.
Officials are attempting to track their IP addresses.

Kaputsky was quoted telling the Hindustan Times: “We did it because their
security was poor and as the Indian Embassy, they need to have better
security.” He added that the websites were so vulnerable, “a six-year-old
could breach it”.

The specific vulnerability Kaputsky pointed out is an SWL vulnerability,
which allows hackers to insert malicious content into the website’s
database using forms already existing on the website. They could also do so
via the website code or email, and once the malware is in, the hacker has
unobstructed access.

The Hindustan Times reports that the hackers claimed they were under 18
years of age and from the Netherlands.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161108/6f1812d2/attachment.html>