Supreme Court Website DefacedA Brazilian Hacking Team Suspected of Hacking
In the latest in a string of government website defacements and hackings, the website of Supreme Court of India was defaced Thursday. The "HighTech Brazil Hackteam" was mentioned on the defaced site, according to a News18 report.
Messages in Portuguese, including "te amo linda pequena... melhor amiga que ja tive," which translate to "I love you beautiful little girl" and "Smile my little girl," were also displayed on the site with a marijuana leaf, the news reports says.
On the website, supremecourtofindia.nic.in, the message "this site can't be reached" was displayed as of Thursday night suggesting that the website has been pulled down to control further damage.
The same hack team apparently has compromised hundreds of websites around the world in 2013, including some Indian websites; websites belonging to South African satellite TV service TopTV, the Greek National Printing Office, among many others, according to News18.
The Ministry of Electronics and Information Technology confirmed on Thursday that the Supreme Court's website had been hacked. Cert-IN, the Ministry's emergency response team, has advised the Supreme Court on steps to be taken to restore the website and will also analyze the details of the incident, according to a report by The Hindu.
The website was defaced minutes after the Supreme Court rejected a plea for an independent probe in to the controversial death of Central Bureau of Investigation Judge Brijgopal Harkishan Loya, who was hearing the high-profile Sohrabuddin Sheikh fake encounter case, according to news reports.
The Supreme Court's decision to reject the plea has drawn extreme views with many criticizing it for "following government orders."
While the actual motive and method of the defacement incident are not yet clear, some security practitioners suspect that it involved SQL injections affecting servers.
The hacking comes days after the website of the Ministry of Defense was defaced, with characters in Mandarin displayed.
But the National Informatics Centre, an entity which works under Ministry of Electronics and Information Technology, insisted that the Ministry of Defense website had not been hacked, claiming a technical issue caused the site to go down. MeitY said the offending Chinese character showed the default logo of the Drupal Zen Framework (see: Government Website Vulnerabilities: Mitigating the Risks).
The Supreme Court website defacement episode sent Twitterati into a frenzy. One of the tweets read: "How can the government protect the privacy of an individual when prime institution like the Supreme Court is getting hacked?"
"I am sure like in previous cases, the Supreme Court later will say its website was under maintenance," says one practitioner, who asked not to be named. "We are talking about digital transformation, and when can't take care of our government and Supreme Court website."
No no... Supreme Court website is not hacked. Just a problem with the CMS. The leaf symbol is just a Logo for Weed Energy that our Banana Republic runs on. #SupremeCourt #Hacked pic.twitter.com/TCzSFAQqJU— Chef Ali Vaidya (@AuntyHindutva) April 19, 2018
Government Websites Targeted
Defacing or hacking of government websites has become common in India. In recent months, breaches have hit Bharat Sanchar Nigam Limited, the state-run telecommunications company; India Post; the Indian Space Research Organization and others.
Last year, the Ministry of Electronics and IT said that over 700 websites of central and state departments were hacked in the past four years, with most of the hackers involved arrested.
In March, it was reported that over 22,000 Indian websites, including 114 government portals, were hacked between April 2017 and January 2018. Minister of State for Electronics and IT K. J. Alphons said that all the new government websites and applications are to be audited with respect to cybersecurity before they go live, plus they must be audited on a regular basis.
Even Union Home Minister Rajnath Singh has been reiterating that India needs to create new barriers to block hackers.
Lagging Security Measures
Golok Simli, CTO at the Ministry of External Affairs, tells Information Security Media Group that most government departments are still stuck with network operations center and aren't aware of security operations center.
"Security has to be given prime importance. This will only happen when we security posture layers are built in the top layer of the hierarchy," Simli says. "As a result there isn't enough security skills. Things are changing but it will take time."