The Web site of Crime Investigation Department (CID) of the Andhra Pradesh police was hacked by a group of hackers that claimed to be from Pakistan. Exposing flaws in the cyber security of a key department, a group called itself Zombie_KSA defaced the Web site www.cidap.gov.in and pasted offensive messages.
It claimed that its action was in response to the hacking of website of Pakistan’s Oil and Gas Regulatory Authority (OGRA) by an Indian group HMG. “You guys hacked Paki OGRA Web site. Don’t hack small Paki sites,” said the message. The group also claimed to have hacked the websites of a leading Indian bank and a television channel. The hackers also tampered with the information about 10 most wanted criminals, which included some suspected terrorists. The site could not be restored until late in the evening.
The police have ordered an inquiry as to how the hackers could break into the website. They were in touch with a private firm, which hosts the CID website.
“This seems like a very common type of problem, which perhaps exists among most of the Web sites, which may have a secure hosting server, but the security flaws in the coding of these Web sites can possibly leads to a hacking attempts. Some of the state department Web sites are dynamic in nature and are connected to some sort of database or a content management system that is use to derive the content. To prevent unauthorized access to the backend of these Web sites, a two factor authentication solution should be used. This is for the reason that we all know that it is quite easy for the hackers to compromise the username and password. 2-factor authentication tends to be dynamic Passcode, which changes for every login attempt can reduce the risk of compromise,” said says Nitin Kathuria, Director - Operations and Strategy, Lancers e-Risk Solutions.