India Remains an Easy Target for Hackers in '06
A study carried out by the Department of Information Technology, Government of India revealed that Indian sites continued to be favorite targets for hackers in the early part of 2006. Hacker communities defaced not less than 340 Indian websites in November 2006 as compared with 244 sites in previous month. A total of over 4000 Indian official and non-official sites were targeted by hackers between January and September of 2006.
The Indian Computer Emergency Response Team (CERT-In) says that about 50 per cent of the attacked websites were commercial and had the .com tag. 172 reported cases of disfigurement were related to .com domain websites, while 91 instances were brought to notice for the .in (country specific) domain, 43 for the .org (organization) domain, 12 for the .net (network) domain, 21 for the .info domain (for informative websites) and just 1 for the .edu (education) domain. However, the information does not reveal the identities of the Indian websites that were attacked.
A high number of Country Code top-level domain sites were mutilated, with the commercial domain bearing 68.3 per cent of the attacks and government sites having a share of 27.3 per cent. Sources in government have told Press Trust of India that the majority of defacements were due to the use of pre-fabricated exploits by hackers to obtain administrative leverage and substitute their own pages for the system web pages. On less frequent occasions, though hackers may have been denied a chance to acquire any user-level advantages on the target server, they were able to exploit badly written web scripts or failure of web servers to implement the defacement.
Earlier in 2006, the Ministry of Home Affairs (MHA) asked all central ministries and departments not to approach private companies or overseas servers for hosting their websites. This followed the targeting of a number of government sites hosted in this manner by various hacker groups.
In its instruction, the MHA has advised that ministries and departments should have their sites hosted only on servers belonging to the federal and state governments. A deadline for compliance was, however, not mentioned.
Related article: India Sets Up The First Online Cyber Law Clinic
» SPAMfighter News - 30-12-2006