Image may be NSFW.
Clik here to view.
The Indian consulate’s website is the latest Indian diplomatic internet outlet hacked by a person claiming to be a 17-year-old student in Tokyo who asserts that it was a well-intentioned attempt to show the vulnerabilities that “even kids could exploit”.
The person, using the identity Kapustkiy, who had earlier hacked the web sites of seven Indian diplomatic missions in Europe and Asia, posted on a public web site the partial personal information of 418 people registered with the consulate said to be taken by penetrating its website.
Last week web sites of Indian diplomatic missions in South Africa, Libya, Malawi, Mali, Italy, Switzerland and Romania were hacked and non-public information were posted publicly.
In an interview conducted by IANS on November 14 using Twitter, Kapustkiy said: “It took me only three seconds to gain access to their database.”
“Even the kids could exploit it,” he said of the vulnerabilities in the way the programming language, SQL or Structured Query Language, was used on the web sites. SQL is used by web sites to manage databases.
His method was different from the hacking of Indian defense, business and media sites exposed last year by a Silicon Valley cybersecurity firm, FireEye, which said it was likely by China.
Those penetrations required more elaborate efforts like planting spying software in emails sent to people using those sites. But Kapustkiy’s methods appeared to be simpler and more direct, exposing more dangerous vulnerabilities.
The list said to be from the New York consulate was posted on a website, pastebin.com, which is open for public posting of information. The list was still on the site Nov. 14 night, even though the earlier postings from other Indian missions have been removed.
The web site says that it is powered by Ardhas Technology India Private Limited, which has its registered office in Erode, Tamil Nadu. A request to it for comment had not received a response by Monday night.
Kapustkiy said: “I don’t describe myself as a hacker or something, but as a security pentester.” Pentester is short for penetration testers who examine the weaknesses of internet sites to intrusions. On his Twitter account he also describes himself as a “cyber detective”.
He said that Indian officials have not contacted him.
Around 20 domains connected to the Indian missions were hacked in the past and although they have been patched, he said. Asked about his nationality, he said, “I don’t want to tell where I’m from, but most media are claiming that I’m from the Netherlands,” he said.
The post N.Y. Consulate Latest Among Indian Diplomatic Websites To Be Hacked appeared first on News India Times.
