A 6-year-old can breach it, says hacker who broke into Indian consulate website
The website and database of India’s consulate in New York have allegedly been hacked by the same hacker who dumped data from seven Indian missions in Europe and Africa online last week.india Updated: Nov 14, 2016 22:54 IST
The website and database of India’s consulate in New York have allegedly been hacked by the same hacker who dumped data from seven Indian missions in Europe and Africa online last week.
The hacker, who goes by the name Kapustkiy on Twitter, claimed responsibility for hacking the Indian consulate’s website on Monday.
The leaked database, containing names, email IDs and phone numbers of mission staffers, was published on pastebin.com. At the time of filing this report, the database was still available to the public on pastebin.
There was no immediate word from the external affairs ministry.
Kapustkiy told HT about the data dump: “It could have been way worse, believe me. It could be entries of around 7500 people, but I decided to leak only 400 entries belonging only to the employees.”
The hacker claimed the whole database was not posted online out of respect for the privacy of people whose data was hosted on the site. According to the hacker, the database contained complete addresses and zip codes as well.
“I don’t want to cause any damage, just want them to pay attention to the security on their websites. I have tried to reach out to them multiple times but they only respond when the media reports these hacks,” the hacker added.
“The websites have a SQL vulnurability. Even a six-year-old could breach it,” Kapustkiy had told HT about the previous hack that targeted seven Indian missions in Africa and Europe.
A SQL vulnerability is a security flaw in a database. A hacker inserts malicious content into the database by using forms on the website, accessing the website code or via email. This malicious content compromises the security of the database and gives the hacker unfettered access.
An example of such an attack was the Sony hack of 2011 when one million accounts and passwords were released online.
“It’s not hard to fix it. You just have to be aware of such things because most of the time you want contact them and say that they have vulnerabilities, they just ignore you,” Kapustkiy added.
The hacker claimed to be under the age of 18 and a resident of the Netherlands. The hacker calls himself a “grey hat” and claimed the hack was an attempt to inform administrators about vulnerabilities on their websites.