India: 7 embassy websites hacked, data released online
THE websites of seven Indian embassies in Europe and Africa have been hacked and the data gleaned from them released online, as officials work to restore the sites and control the damage.
According to the Associated Press, the Indian embassies in Italy, Switzerland, South Africa, Libya, Malawi, Mali, and Romania had their websites breached by hackers, who have identified themselves only as Kaputsky and Kasimierz L.
External Affairs Ministry spokesman Vikas Swarup told reporters on Tuesday that officials are aware and are trying to rectify the problem.
The hackers released information on some embassy staff members online, including names, email addresses, phone numbers, and passport numbers. Officials are attempting to track their IP addresses.
Kaputsky was quoted telling the Hindustan Times: “We did it because their security was poor and as the Indian Embassy, they need to have better security.” He added that the websites were so vulnerable, “a six-year-old could breach it”.
The specific vulnerability Kaputsky pointed out is an SWL vulnerability, which allows hackers to insert malicious content into the website’s database using forms already existing on the website. They could also do so via the website code or email, and once the malware is in, the hacker has unobstructed access.
The Hindustan Times reports that the hackers claimed they were under 18 years of age and from the Netherlands.