Pakistan Haxors Crew has allegedly claimed that they were behind the hacking of official websites’ of Indian universities. The attack had affected websites like Indian Institute of Technology Delhi (IIT Delhi), IIT Varanasi, Aligarh Muslim University (AMU) and Delhi University (DU) among the prominent ones.
When ETtech reached out to the hacking group, they pointed out that it was too easy for them to target any Indian website. “We didn’t particularly target any country but these websites are too much easy to access. There are a lot of loopholes from where we can get into the server.”
They also mentioned that these websites were exploited with their personal methods which they didn’t want to discuss further. “But I can tell you one thing which is the major reason of getting access is Remote Code Execution.”
One of the spokesperson of the group claimed that they were formed in 2011 and is a group of teenagers. The person even warned that this was just a payback for hacking websites’ based in Pakistan. “Some Indian hacker hacked Pakistani railways website, so this was just a little payback. If this continues there is a lot more to come.”
According to a source who didn’t want to be quoted said that the nature of such attacks point to registrar & DNS controller based attack. " This is not a website based attack. Evidently, all affected domains are .ac.in domains and this was an ERNET based attack, as their servers were not compromised.”
DNS is a service which is used to convert the easy to remember domain names like iitd.ac.in to their respective logical server addresses like 103.27.9.20. Education and Research Network of India, ERNET.in, manages the entire Domain to IP mapping of all ac.in websites.
The source explains that instead of the servers of these websites being hacked; the hackers simply attacked the DNS provider and mapped the domain to their custom server which then displayed the abusive messages and videos.
When questioned about the loss of information the source points out that any kind of critical information loss will only be revealed much later. “A redirection not only affects the web requests but also the email services. This means that every mail that was sent to this domain such as xyz@du.ac.in, could have been redirected to hacker controlled mail boxes resulting in severe data loss. Also, any crucial emails (read confidential) would be read by the hackers. "
This is very similar to the Indian National Congress hack by Legion group in last November 2016 wherein Hackers were able to do a similar exploit to redirect mails and then gain access to social network accounts of Rahul Gandhi and other Congress pages by resetting their passwords
Although this seems to be a simple redirection for sending a message, but the potential data loss could be quite massive.
Looking at the severity of the attack, a spokesperson from BugsBounty.com, one of the largest communities of Ethical Hackers globally recommends that all compromised institutions and employees, teachers, students using .ac.in powered emails need to take precautions immediately.
"They need to inform ERNET India, CERT India and their respective institutions, if they were expecting any sensitive emails, and immediately change their passwords on their banks, social media, web & mobile based services that may have been reset maliciously by hackers or worse, those services may have been compromised already!”
The spokesperson from the hacking group says that apart from other things, they love to hack for such payback situations and interestingly mentioned that they have a lot of friends in India.