Updates on Indian Cyber Army (ICA)
Rakesh K Singh | New Delhi
CBI registers case against unknown persons for defacing its portal
A day after the CBI’s official website was hacked by ‘Pakistani Cyber Army’ (PCA), the Indian Cyber Army (ICA) on Saturday retaliated by hacking the official website of Oil and Gas Regulatory Authority of Pakistan (OGRA).
The full-scale cyber war between hackers owing allegiance to the two countries has triggered even as the CBI registered a case against unknown persons for hacking and defacement of its portal.
The screenshot of the hacked OGRA website read: “You Have Been Hacked By The “INDIAN CYBER ARMY”. This Is a Retaliation of Hacking “CBI”. You were Very Proud That Your OGRA has Not Been Hacked? Huh!? we can do anything for INDIA.”
The OGRA website was initially restored by the authorities there but the account got completely suspended thereafter. The CBI too struggled to rectify the defacement. Both the PCA and ICA exploited “software vulnerability” for hacking.
One of the hackers of ICA team, Disfigure, notified the Hacker Regiment (a cyber security awareness portal) that they have been able to compromise OGRA of Pakistan available at http://ogra.org.pk as retaliation to PCA’s attack on Indian websites, including CBI’s official website.
A Pakistani media report said besides the CBI website, portals of colleges, NGOs and Indian companies have also been hacked.
Disfigure said, “PCA has not done a great job. They targeted very soft targets and such vulnerable websites are floating all over the web. If we start targeting such Pakistani websites, list would be beyond anyone’s imagination.”
“CBI website was vulnerable with SQL injection which is a software vulnerability that happens due to insecure communication of website visible to the end user and the backend database. So actually, they (PCA) were not able to compromise the underlying servers…If you analyse the screenshot of compromised CBI website, it retained the top header and side bars,” Disfigure added.
Cyber security expert and director of Torrid Networks, a cyber security firm, Dhruv Soi told The Pioneer, “Cyber attacks between two countries are a matter of concern as it threatens to disturb Government and corporate businesses on both sides.”
The cyber attack on the CBI’s website comes days after the agency signed an MoU with Nasscom to contain the menace of cyber terrorism.
The CBI registered the case under Sections 43 and 66 of the Information Technology Act. As per Section 43 of the Act, a person charged for tampering with or manipulating any computer, computer system or compute network shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person (or firm) so affected.
Section 66 says, “Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.”
A CBI spokesperson said efforts were underway to restore the website for public interface at the earliest. “It has come to the notice of the CBI that its official website was unauthorisedly accessed and defaced in the intervening night of December 3 and 4. A case has been registered in this connection in the cyber crime cell of the CBI and efforts are underway to restore the website with the help of National Informatics Centre and the CBI cyber security experts.”
The home page of the CBI website was hacked and it had a message from the PCA warning the ICA that their websites should not be attacked. The PCA also threatened to carry out “mass defacement” of other websites.
Intelligence agencies have been often warning the Government that proper cyber security measures were not being ensured in offices and that no security audit was being carried out.
The ICA, meanwhile, released a list of 800 Pakistani websites defaced by it on November 26 this year as a revenge of the Mumbai terror attacks that started on the day two years ago, including some Pakistan Government sites and that of terror outfit Hizbul Mujahideen.
http://www.dailypioneer.com/301439/Indian-Pakistani-hackers-set-off-full-scale-cyber-war.html