[ISN] India was hacker's paradise in '06

From: InfoSec News (alerts@private)
Date: Wed Dec 27 2006 - 22:43:37 PST


http://www.ibnlive.com/news/india-was-hackers-paradise-in-06/29506-11.html

ibnlive.com
December 26, 2006

New Delhi: According to an analysis by the Department of Information 
Technology India remained an Internet hacker's paradise in the first 
half of 2006.

A survey conducted by Computer Emergency Response Team (Cert-In) shows 
that till June this year, 39 '.gov.in' sites were defaced, which is 15 
per cent of the total number of hacked sites in the '.in' domain while 
81 '.co.in' websites were defaced.

The Emergency Response Team at Cert-In handles computer security 
incidents in India.

Of the total 1,752 Indian websites defaced, 67.5 per cent were '.com' 
domain websites and 15.9 per cent were '.in' websites.

There has been a phenomenal increase in the '.in' domain (India 
specific) defacements. The first half of 2006 saw 278 '.in' websites 
being defaced - the majority of these were commercial websites.

This is a huge leap from 2005, when the number of websites that were 
defaced in the whole year amounted to 373.

A high number of Country Code top level domain sites -- .co.in, .net.in, 
.gov.in, .org.in, .nic.in, .ernet.in, .ac.in and .res.in -- were defaced 
with commercial sector contributing 68.3 per cent of the defacements and 
Government sector had a share of 27.3 per cent of this.

Three Indian Government sites were also defaced on the VSNL network were 
-- www.fmc.com, www.railnet.com and www.ieg.com.

Government officials have told PTI that most defacements result from 
hackers using pre-fabricated exploits to gain administrative control of 
the target system and then replacing the web pages hosted on the system 
with their own systems.

On rare occasions, attackers may not have had an opportunity to gain any 
user-level privileges on the target server but were able to take 
advantage of poorly written web scripts or vulnerability of web servers 
to carry out the defacement.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Wed Dec 27 2006 - 22:56:29 PST