Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Indian Embassies Hacked By Two Grey Hat Hackers!

 

 

security expert who breaks laws sometimes to get into any system but doesn't harm the system by doing any malicious activity is called “Grey Hat Hacker”. The databases of Indian Embassies, which are located in Mali, Italy, Malawi, Switzerland, Romania and Libya have been breached by two grey hat hackers. The databases of these embassies were vulnerable to SQLi Attack and hackers easily managed to exploit all of it. The leaked data belongs to all that people, which are working in Indian Embassies of these countries.

 

About These Grey Hat Hackers

According to a blog post of Bit4ld’s Chief Information Security Officer Pierluigi Paganini, he was contacted by a “Kapustkiy” named security pentester. He told him that he has breached the databases of Indian Embassies which are located in Switzerland, Romania, Italy, Mali, Libya and Malawi. One of his friends was also with him in the hack. His name is “Kapustkiy”. These are monikers of both the grey hat hackers, “Kapustkiy” didn’t reveal their real names. Both the hackers were “White Hat Hackers” in past but to seek the attention of media they change into “Grey Hat Hackers”. A number of web admins have been forced by them to consider the security of website in a serious way.

 

Register For 7 Days SQL Injection Training Program of CDI: Click here

 

It Was SQLi Attack

The websites of Indian Embassies located in above mentioned countries were vulnerable to SQL Injection Attack. It was very easy for both hackers to exploit these vulnerabilities and the managed to gain the access to databases. According to hackers, many websites of Indian Embassies contains same SQL injection vulnerabilities. Total seven databases have been breached by both the hackers. After that, they post in on Pastebin. The leaked data contains Names, surnames, Passport Numbers, telephone numbers and email addresses of personnel.

 

 

Operation Ke3chang

This data belongs to the personnel which is working in Indian Embassies of targeted countries. These type of cyber-attacks are very dangerous because anyone can misuse this information to target privileged personnel of Embassies. According to a report from PaloAlto Networks, in May 2013 Security Firm FireEye discovered a Ke3chang named operation in which hackers were targeting foreign ministry affairs of Europe. The hackers of these operations were from China. The same hacking group was targeting Indian Embassies as well in the same year. According to security firms, it is the only operation, in which hackers are targeting diplomatic personnel. Therefore, all the embassies of the world should spend money and time on security systems of its official websites.

 

"After this data breach, the official websites of these embassies were down for some time. But now all these websites are working fine."

 

Source: securityaffairs.co

 

Also Read: 

What is SQL Injection!

Wix.Com DOM Based XSS Vulnerability Put 86 Million Websites At Risk!​

Indian Banks ATM Hack Scam!

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.