[ISN] India: 112 government sites hacked in 3 months

https://www.zdnet.com/blog/security/india-112-government-sites-hacked-in-3-months/10915

By Emil Protalinski
Zero Day
March 18, 2012

112 Indian government websites were hacked in the last three months, 
according to Sachin Pilot, Minister of State for Communications and IT. 
The hacked websites were part of government agencies belonging to Andhra 
Pradesh, Madhya Pradesh, Rajasthan, Tamil Nadu, Maharashtra, Gujarat, 
Kerala, Orissa, Uttar Pradesh, Sikkim, and Manipur. Also included were 
the Ministry of Finance, Health, Planning Commission, and Human Resource 
Development, according to India Times.

The website of state-owned telecom operator Bharat Sanchar Nigam Limited 
(BSNL) was attacked for the fourth time on December 4, by a Pakistani 
hacker group called “H4tr!ck.” In fact, at least 22 websites under the 
Rajasthan state government were destroyed by hackers, mostly from 
Pakistan, in February. They deleted or stole data from the various sites 
of important departments including technical education, college 
education and finance, according to sources cited by India Times.

State government websites have very poor security practices. For 
example, most government websites in Rajasthan run on single server. 
This means if a hacker exploits a single vulnerability in any of the 
websites, he or she can compromise the other websites as well by taking 
control of the whole server. To make matters worse, when data is 
deleted, backups are simply uploaded back to website. Given that the 
sites are attacked again and again, it would appear that nothing is 
being done to actually fix the security issues.

[...]


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill .  It's that easy.
http://www.expandingsecurity.com/PainPill