The Gist: The Indian government has some serious security issues, and hackers are taking advantage. Over a hundred websites were hacked in the last three months alone; data was either deleted or stolen.
How were these hacks committed? More after the fold.
Gaining access to over 100 government sites in 3 months is a pretty large feat. After reading about this hack I decided I’d reach out to some of my sources in the Indian hacking scene to see if anyone had leads as to how this was done or who did it. What I learned was that a few months ago some hackers were able to gain access to a shared server hosting around 80 government sites due to an LFI vulnerability, which allowed them to ascertain the root password on the server (pesky bash_history files). After having root access it was trivial to poke around and do whatever you wanted on the server. Now, my sources also tell me that the webhost in charge of this server was contacted and told about the vulnerability and even warned that this was a severe vulnerability. Nothing was ever done.
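A defender-side check for the weakness this incident turned on: credentials left in shell history, where any file-read bug can expose them. This is an added example, not part of the original post; the patterns, function names and sample history are constructed for illustration.

```python
import re
import stat

# Constructed patterns: secrets typed on a command line end up in shell history.
RULES = [
    ("mysql -p<password>", re.compile(r"\bmysql\w*\b.*\s-p(?P<s>[^\s-]\S*)")),
    ("--password value", re.compile(r"--pass(?:word|wd)?[= ](?P<s>\S+)")),
    ("sshpass -p", re.compile(r"\bsshpass\s+-p\s*(?P<s>\S+)")),
    ("curl -u user:pass", re.compile(r"\bcurl\b.*\s(?:-u|--user)\s+[^\s:]+:(?P<s>\S+)")),
    ("password piped to su/sudo", re.compile(r"\becho\s+(?P<s>\S+)\s*\|\s*(?:sudo\s+-S|su)\b")),
    ("secret in variable", re.compile(r"\b\w*(?:PASS|PASSWORD|SECRET|TOKEN)\w*=(?P<s>\S+)", re.I)),
]

# Constructed sample history, not taken from any real system.
SAMPLE = """\
cd /var/www
mysql -u root -pS3cretPw! shop
mysql -u root -p
sshpass -p hunter2 ssh deploy@10.0.0.5
export API_TOKEN=abc123
ls -la
"""

def audit_history(text):
    """Return (line_number, rule_name, redacted_line) for each risky history line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                # Redact the secret so the audit report does not leak it again.
                redacted = line[:m.start("s")] + "***" + line[m.end("s"):]
                findings.append((n, name, redacted))
                break
    return findings

def readable_beyond_owner(mode):
    """True if group or other can read the file (a history file should be 0600)."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    for n, rule, line in audit_history(SAMPLE):
        print(f"line {n}: {rule}: {line}")
```

Any credential it flags should be rotated, and `readable_beyond_owner(os.stat(path).st_mode)` shows whether the history file itself is readable by accounts other than its owner.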
The scenario described above is very familiar to me and I’m sure it is familiar to many of you HackTalkers: you report a vuln, never hear back, check 3 months later and the vuln is still there. The way I deal with this situation is to force the vendor/website/coder/whoever to patch by submitting the vulnerability to Full-Disclosure’s mailing list and letting nature run its course. Sure, it may not be the most “ethical” thing to do, but after you’ve tried the ethical approach the only options are to hack them yourself, patch the box, and hope you don’t get caught, or wait for the inevitable. The Full-Disclosure approach makes the chances of them being alerted to the issue by many other people substantially higher, although it also raises their chances of being hacked, a necessary evil.
How do you HackTalkers deal with alerted parties that don’t want to fix their own systems? Also, what do you think about the webhost that let this vulnerability live on for 3 months after having been alerted to the issue?