Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. Defacement is generally used to spread messages by politically motivated “cyber protesters” or hacktivists. Web defacement is often considered a minor form of Cyber Attack, very much like a petty crime. Web defacement is relatively easier to carry out than other forms of Cyber Attacks, such incidents are in fact quite common. Moreover, as these attacks are often targeted at web pages with significant traffic, they get noticed and exposed quickly. According to CERT-In’s annual report 26244 websites in India (including 18403 websites with .in domain) were defaced by hackers.
Indian Revenue Services Website Defaced
The year began with yet another defacement attack originated from Pakistan. The website of Indian Revenue Services was defaced by Pakistan based hacker group.
The website, which acts as an official communicator for official work between the Central Board of Direct Taxes and the IT department field offices in the country, has put up a message saying, “We’ll be back soon! Sorry for the inconvenience but we’re performing some maintenance at the moment.”
Later, the Computer Emergency Response Team of India (CERT-In) conducted a Security Audit of the portal and took utmost care that no Secret or Vital Information was to be uploaded to the said URL.
Utkal University Website Defacement
In the month of May, Utkal Unversity based in Bhubaneswar got to see a Pakistani flag with some pro-Pakistani messages on their website. However, the hacker only defaced the site and did not damage nor steal any information. The hacker had posted “K9 Cyber Army” message on the pages defaced by it. This website was hosted by All India Online under a dedicated server. Currently, This website is hosted by National Informatics Center(NIC). A year ago, data theft also affected OJEE admission and a large number of seats remained vacant because of poaching of students.
Karnataka Police Website Defacement
Karnataka Police was also one among many government websites that were defaced last year. The same Pakistani hacker responsible for hacking into an Unnamed Indian Bank’s Payment gateway was found guilty. It was a major embarrassment for the Karnataka State Government, soon the page was restored shortly afterwards in a matter of minutes and a probe was initiated later for further investigation.
Indian Embassies got hacked twice in a year
The carelessness towards cyber security by Indian Government was exposed when multiple websites of Indian Embassies and Offices of Ministry of External Affairs in various countries were vandalised by pro-Pakistani hackers twice in a year.
Both the incidents involved websites of Indian Embassies & Ministry of External Affairs offices of Tajikistan, Romania, Greece, Turkey, Mexico, Sao Paolo, Pretoria, Switzerland, Italy, Mali, South Africa, Libya and Malawi. Later it was revealed that the hacked sites were vulnerable to SQL Injection and allowed the attackers to steal database information by simply injecting malicious commands.
An article from Hackernews claims that the targeted websites did not even have proper hashing and encryption for storing credentials in database. They also mentioned that the hackers dubbed as Kapustkiy and Kasimierz, who took responsibility for hacking the websites second time. It also says that they hacked the websites just to make sure that the administrators pay attention towards security of these very crucial websites.