[ISN] World war on world wide web

InfoSec News isn at c4i.org
Mon Dec 12 03:16:56 EST 2005


http://www.hindustantimes.com/news/181_1570499,0035.htm

Mayank Tewari
New Delhi
December 10, 2005

The battle is virtual and is as good as a real one. It's a fight to 
prove how powerful a hacker can be when it comes to breaking into 
secure Indian websites and servers. In one corner of the ring stands 
the group of international hacker with names like CyberLord, fatal 
error and Suicide Scene. In the opposite corner stands the Indian 
security establishment with a bunch of unnamed patriotic hackers who 
scout the web for any new activity and alert the government.

In the last week of November, international hackers defaced some 230 
Indian sites -having domain names ending with .in. A week later more 
than 1000 Linux based web servers were hacked ain a single attack by 
international hackers. Over 250 of these servers were located in 
India.

In the month of August, the websites of four IITs - Mumbai, Guwahati, 
Kharagpur and Chennai - were hacked and defaced by a group of 
Pakistani hackers who call themselves the Jubni team. The hackers 
claimed that some of the members of the group are Majeed, Jubni, 
Zohaib, Pak Brain, Mian Walian and Ch33ta.  The ire of the group was 
directed towards India, USA and Israel.

The beginning of September sounded alarm bells for the security 
agencies. A friendly hacker emailed senior government officials about 
a Pakistani hackers. plan to deface all defence websites on September 
5 - the day the 1965 war broke out. The warning was received on 
September 2 and all defence websites were made more secure.  Three 
days later, there were repeated attempts to break into our servers but 
the timely tip off saved the day.

Sources in the government informed that it is common for hackers to 
supply intelligence to the Indian government. "There is a network of 
hackers where information about a lot events and Internet incidents is 
exchanged. We could be forewarned about a worm being propagated in 
some part of the world that may hit Indian servers soon.

Based on the input we device patches and post them on our sites for 
everyone else to download and use. This impact of any cyber attack is 
thus neutralised to a great extent," said a government source. The 
website in question is www.cert-in.org.in.

However not everyone pays heed to such security advisories. The CERT 
had issued an advisory in August 2005 about the Linux attacks that 
happened last week, but little attention was paid to it.

Sources inform that such that awareness levels are so low in India 
that instead of sending email alerts of expected hacker attacks typed 
letters are sent out to various states informing them to heighten web 
security and in the wake of such intelligence.

"It is to our credit that despite all of these drawbacks we are able 
to fight international hackers very well," said a government source. 
The Computer Emergency Response Team (CERT) also shares intelligence 
with similar bodies of other countries and is able to generate timely 
inputs.





More information about the ISN mailing list