The cyber war between India and Pakistan continue to rises as an Indian blackhat group Indishell defaced 30 Pakistani government websites only a few days ago including sites such as pak.gov.pk, paknavy.gov.pk, sindh.gov.pk, etc. The reason behind this recent attack was in retaliation to the hacking of the official website Bharatiya Janata Party (BJP) of Karnataka which was defaced by a Pakistani blackhat group. We fear that this war is going to continue to rise to increasing numbers in the near future.
Prior to this attack, Indishell already attacked other high profile Pakistani sites. Indishell believes that the government of Pakistan is involved with various Pakistani attackers instructing them to hack Indian sites. The Pakistani government also received a notice from Indishell as a message on one of the recently hacked websites.
The rivalry between Indian and Pakistani hackers has been going on since years now. This only goes to show that the governments of both Pakistan and India fail to understand the importance of securing official websites along with other websites from attackers, due to which huge security vulnerabilities seem to exist which makes it extremely simple for attackers to exploit.
How did the situation get so bad? In all honesty, it’s the fault of the hosting provider and the application developer of the websites that got attacked. First of all, the hosting infrastructure should have been properly secured and segregated. Applications and servers should have been audited for security and hardened according to a standard. Blackhats tend to target the web application first and exploit it to access the server hosting the website. So, it’s a jack pot for an attacker if he gets access to the server which hosts multiple sensitive websites. Following is a list of Pakistani government websites that were hosted on a single server (188.8.131.52-static.reverse.softlayer.com) that got attacked:
It’s very saddening to know that so many high profile government websites are hosted at a third-party hosting provider and possibly even on a same server, a poor practice for websites that has information of extreme sensitive nature. This is the same server that hosts websites for National Telecommunication Corporation (NTC)– www.ntc.net.pk – Official IT&T Service Provider for Government of Pakistan and the abandoned National Response Centre for Cyber Crimes (NR3C) – www.nr3c.gov.pk. We wonder if these organizations actually noticed this defacement and decided to take security seriously. It’s never advised to put all eggs in one basket. Moreover, even when hosting multiple websites on the same box, server should be configured in such a way that even though if an attacker is able to exploit an application, he should not be able to access the server and other websites.