lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a56479a50708311033x11a5aea1i98f59712fa223b94@mail.gmail.com>
Date: Fri, 31 Aug 2007 18:33:30 +0100
From: "hack the gov" <hackthegov@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: 100 Embassies and governments hacked in
	global security breach

http://www.timesnow.tv/Newsdtls.aspx?NewsID=2382

Key Indian websites hacked
8/31/2007 2:04:30 PM

'DEranged security' offers over 100 email accounts and passwords of
government organisations across the world
In a startling development of a major cyber security breach,  a
Swedish hacker, who has managed to hack into emails of Indian
embassies in the US, China, Germany, Belgium, among others, has
triggered a million dollar question on the issue of cyber security in
India, or rather, lack of it. The issue has raised much-debated
question of inadequate cyber laws in India and the government's lax
approach towards cyber crime and cyber security.

The Sweden-based hacker has also managed to hack the emails of the
National Defence Academy (NDA) & DRDO officials.

The hacker has reportedly posted email ID's and passwords of 100 email
accounts of embassies & government offices across the world including
13 Indian establishment on his website -- www.derangedsecurity.com

It is still unclear as to how the passwords were accessed by the
hacker as he has posted his name on the web as Dan Egerstad from Malmo
in Sweden.

Logging on to the website allows users to access key emails of several
Indian embassies across the world. The mail-box of the administration
officer of the National Defence Academy and a director of the Defence
Research and Development Organisation has also been hacked..

"I WAS JUST CHECKING THE SYSTEM"

Meanwhile, TIMES NOW managed to get in touch with the alleged hacker
-- Dan Egarstam -- and spoke to him as to how he stumbled on to the
critical information.

Speaking on the issue and clarifying his stand, Dan Egarstam said:"I
just stumbled on to this information. It's very easy to get the
information. I published the information in a bid to get some
attention on the security loopholes and getting it fixed."

He further added:"I don't think that what I have done is illegal and I
have never hacked into anything. Moreover, I haven't logged into any
of these accounts, however, I do have access to emails but that is
because poor security. Once in a while, you do stumble on to some
information on the internet. Usually, I contact the people involved
and tell them how to fix it, however, in this case I didn't really
think that I could --probably, the Indian government would not have
listened or if they would have, they would have charged me with cyber
crime."

TIMES NOW ACCESSES INFORMATION

In a bid to confirm the facts, TIMES NOW has been able to access
several of these emails using data from the website. Email account of
NDA accessed by TIMES NOW had details of purchases made by the NDA.

GOVT OFFICIALS REACT

And reacting to the TIMES NOW story, the Govt sources have alleged
that there is  a contingency plan to protect govt property in the
cyber world and it is pending with the decision makers in the Home
Ministry. The sources further claimed that each case of hacking has to
be analyzed separately.

Sources also claimed that hacking is done with various motives and
they are trying to establish the motive in this case. Moreover, it's
also learnt that the National Informatics Centre is working on a plan
to ensure safety and security of govt property in the cyber world.

Plans are afoot by the government to sensitize various govt
departments and ministries to strengthen security systems to protect
websites and other material in the cyber world.

However, precautionary measures are already in place in case of such
instances. A body called NTRO - National Technical Reserach
Organisation -- was established in 2005 as a premier organisation
gathering technical intelligence for the Government of India. The main
role of the NTRO is to ensure and suggest safeguards for government
property on the world wide web. NTRO is also in charge of handling
technical surveillance.

After the Naval war room leak, the Ministry of External Affairs has
reportedly tightened security measures and also have disallowed any
confidential information to be put on email.

WHAT CYBER-LAW EXPERT HAD TO SAY?

Commenting on the issue, the cyber law expert, Pawan Duggal, said:"We
have some basic challenge in this case. The first being that the
hacker is located outside the physical boundary of India so the Indian
law would not apply. Clearly, in this case it will take a long time to
get him to India so virtually we have no effective remedy in this
case.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ