A 6-year-old can breach it, says hacker who broke into Indian consulate website

Updated on Nov 14, 2016 10:54 PM IST

The website and database of India’s consulate in New York have allegedly been hacked by the same hacker who dumped data from seven Indian missions in Europe and Africa online last week.

The website and database of India’s consulate in New York have allegedly been hacked .(Representative image)
The website and database of India’s consulate in New York have allegedly been hacked .(Representative image)
Hindustan Times | By, New Delhi

The website and database of India’s consulate in New York have allegedly been hacked by the same hacker who dumped data from seven Indian missions in Europe and Africa online last week.

The hacker, who goes by the name Kapustkiy on Twitter, claimed responsibility for hacking the Indian consulate’s website on Monday.

The leaked database, containing names, email IDs and phone numbers of mission staffers, was published on pastebin.com. At the time of filing this report, the database was still available to the public on pastebin.

There was no immediate word from the external affairs ministry.

Kapustkiy told HT about the data dump: “It could have been way worse, believe me. It could be entries of around 7500 people, but I decided to leak only 400 entries belonging only to the employees.”

Read | Websites of 7 Indian missions ‘hacked’, data allegedly put online

The hacker claimed the whole database was not posted online out of respect for the privacy of people whose data was hosted on the site. According to the hacker, the database contained complete addresses and zip codes as well.

“I don’t want to cause any damage, just want them to pay attention to the security on their websites. I have tried to reach out to them multiple times but they only respond when the media reports these hacks,” the hacker added.

“The websites have a SQL vulnurability. Even a six-year-old could breach it,” Kapustkiy had told HT about the previous hack that targeted seven Indian missions in Africa and Europe.

A SQL vulnerability is a security flaw in a database. A hacker inserts malicious content into the database by using forms on the website, accessing the website code or via email. This malicious content compromises the security of the database and gives the hacker unfettered access.

An example of such an attack was the Sony hack of 2011 when one million accounts and passwords were released online.

“It’s not hard to fix it. You just have to be aware of such things because most of the time you want contact them and say that they have vulnerabilities, they just ignore you,” Kapustkiy added.

The hacker claimed to be under the age of 18 and a resident of the Netherlands. The hacker calls himself a “grey hat” and claimed the hack was an attempt to inform administrators about vulnerabilities on their websites.

Get Latest India Newsalong with Latest Newsand Top Headlinesfrom India and around the world.
SHARE THIS ARTICLE ON
  • ABOUT THE AUTHOR

    Siladitya Ray was part of Hindustan Times’ nationwide network of correspondents that brings news, analysis and information to its readers. He no longer works with the Hindustan Times.

SHARE
Story Saved
OPEN APP
×
Saved Articles
Following
My Reads
My Offers
Sign out
New Delhi 0C
Thursday, February 09, 2023
Start 15 Days Free Trial Subscribe Now
Register Free and get Exciting Deals