Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] 100 Embassies and governments hacked in global sec

from [hack the gov] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] 100 Embassies and governments hacked in global security breach
Date: Fri, 31 Aug 2007 18:33:30 +0100 
http://www.timesnow.tv/Newsdtls.aspx?NewsID=2382

Key Indian websites hacked
8/31/2007 2:04:30 PM

'DEranged security' offers over 100 email accounts and passwords of
government organisations across the world
In a startling development of a major cyber security breach,  a
Swedish hacker, who has managed to hack into emails of Indian
embassies in the US, China, Germany, Belgium, among others, has
triggered a million dollar question on the issue of cyber security in
India, or rather, lack of it. The issue has raised much-debated
question of inadequate cyber laws in India and the government's lax
approach towards cyber crime and cyber security.

The Sweden-based hacker has also managed to hack the emails of the
National Defence Academy (NDA) & DRDO officials.

The hacker has reportedly posted email ID's and passwords of 100 email
accounts of embassies & government offices across the world including
13 Indian establishment on his website -- www.derangedsecurity.com

It is still unclear as to how the passwords were accessed by the
hacker as he has posted his name on the web as Dan Egerstad from Malmo
in Sweden.

Logging on to the website allows users to access key emails of several
Indian embassies across the world. The mail-box of the administration
officer of the National Defence Academy and a director of the Defence
Research and Development Organisation has also been hacked..

"I WAS JUST CHECKING THE SYSTEM"

Meanwhile, TIMES NOW managed to get in touch with the alleged hacker
-- Dan Egarstam -- and spoke to him as to how he stumbled on to the
critical information.

Speaking on the issue and clarifying his stand, Dan Egarstam said:"I
just stumbled on to this information. It's very easy to get the
information. I published the information in a bid to get some
attention on the security loopholes and getting it fixed."

He further added:"I don't think that what I have done is illegal and I
have never hacked into anything. Moreover, I haven't logged into any
of these accounts, however, I do have access to emails but that is
because poor security. Once in a while, you do stumble on to some
information on the internet. Usually, I contact the people involved
and tell them how to fix it, however, in this case I didn't really
think that I could --probably, the Indian government would not have
listened or if they would have, they would have charged me with cyber
crime."

TIMES NOW ACCESSES INFORMATION

In a bid to confirm the facts, TIMES NOW has been able to access
several of these emails using data from the website. Email account of
NDA accessed by TIMES NOW had details of purchases made by the NDA.

GOVT OFFICIALS REACT

And reacting to the TIMES NOW story, the Govt sources have alleged
that there is  a contingency plan to protect govt property in the
cyber world and it is pending with the decision makers in the Home
Ministry. The sources further claimed that each case of hacking has to
be analyzed separately.

Sources also claimed that hacking is done with various motives and
they are trying to establish the motive in this case. Moreover, it's
also learnt that the National Informatics Centre is working on a plan
to ensure safety and security of govt property in the cyber world.

Plans are afoot by the government to sensitize various govt
departments and ministries to strengthen security systems to protect
websites and other material in the cyber world.

However, precautionary measures are already in place in case of such
instances. A body called NTRO - National Technical Reserach
Organisation -- was established in 2005 as a premier organisation
gathering technical intelligence for the Government of India. The main
role of the NTRO is to ensure and suggest safeguards for government
property on the world wide web. NTRO is also in charge of handling
technical surveillance.

After the Naval war room leak, the Ministry of External Affairs has
reportedly tightened security measures and also have disallowed any
confidential information to be put on email.

WHAT CYBER-LAW EXPERT HAD TO SAY?

Commenting on the issue, the cyber law expert, Pawan Duggal, said:"We
have some basic challenge in this case. The first being that the
hacker is located outside the physical boundary of India so the Indian
law would not apply. Clearly, in this case it will take a long time to
get him to India so virtually we have no effective remedy in this
case.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] World's most powerful supercomputer goes online (fwd), Valdis . Kletnieks
Next by Date:  [Full-disclosure] [USN-510-1] Linux kernel vulnerabilities, Kees Cook
Previous by Thread:  [Full-disclosure] 100 Embassies and governments hacked in global security breach, hack the gov
Next by Thread:  [Full-disclosure] [USN-510-1] Linux kernel vulnerabilities, Kees Cook
Indexes:  [Date] [Thread] [Top] [All Lists]