Just 1 minute to hack a govt website

[dhruv227]

'It takes just 1 minute to hack a govt website'​

Ethical hacker Harold D'Costa breaks into a government website and intimates them immediately so they can secure the systems

Guess how long it took ethical hacker Harold D'Costa to hack into the website of the Maharashtra Motor Vehicles Department? Just a minute. D'Costa, who is the director of Intelligent Quotient System, a city-based cyber security firm, demonstrated how simply and quickly www.mahatranscom.in can be hacked.

According to D'Costa, websites written on SQL platform with open-ended codes can be easily hacked into with an SQL injection. Sitting comfortably in his own office on Wednesday, he first logged into the Maharashtra Motor Vehicles department website with an SQL Injection code. He then showed how several changes can be made to the website and saved it for other visitors to read. For example, one could easily change notices posted on the site or tamper with the rules and regulations for vehicle owners and taxation laws.

Over the last one year, D'Costa has trained 1,600 policemen in the state to detect cyber crime. In fact, he says he even brought the matter to the attention of Additional Commissioner S V Thakur on June 1. Thakur explained to D'Costa that due to the unavailability of IT experts, he could not address the issue right way and would get back to him in 10 days.

D'Costa alleges that Thakur didn't do so. Thakur said, "Yes, D'Costa had informed me that the site is vulnerable and needs to be secured. However, he was the one who was supposed to meet me and discuss the issue."

 

[zen-r]

dhruv227, on another of your many posts like this, Kayos reminded you to at least please state your sources.

Source : copied from here ; http://forum.santabanta.com/showthread.htm?t=137641

This is probably the original source ; http://www.mid-day.com/news/2009/ju...overnment-website-Additional-Commissioner.htm

 

[dhruv227]

i did not copy it from santabanta.com, i copied it from the Mid-Day Newspaper ( the hard copy one )

 

[Smith6612]

It's no surprise to hear about Government websites and other government systems exposed to the internet being the least bit secure. The government's been quite lax about their upgrades, and that's where the whole case two months ago of the government hiring hackers to secure their stuff came from. Now of course top secret/mission critical stuff is probably on a closed circuit network, but you never know these days.

 

[zen-r]

i did not copy it from santabanta.com, i copied it from the Mid-Day Newspaper ( the hard copy one )

OK, fair enough.

Most of your other stuff came from santabanta though, & since your post appeared here just after the story appeared there, it still seems most likely that this post also came from there.

Anyway, doesn't matter where it came from, as long as source is quoted with post.

@Smith6612/ This story......
I read on a tech site almost daily about new losses of data, missing & stole hard drives, hacked systems etc from the UK government & services, banks, etc. If even our armed forces can't keep their secret & highly sensitive data on their personnel from "walking" out of the door, this story posted here really doesn't surprise me in the least.

Nowadays, systems holding any data, & the people using these systems, just can't be regarded as secure any more. Any data held about you anywhere should be regarded as insecure & highly likely to be available publicly at some point in the future. :frown:

 

[merrillmck]

I agree ... just mention your source (whether by link or telling us what book it is from). Most of the time this is sufficient ...

 

[jmcgowan]

@smith6612: I don't know about other countries, but in the US anything classified is indeed on a closed network. Other countries I don't know so much about though.

@zen-r: I find it interesting that there is far more information stolen from people through hard copies and actual physical theft like you mentioned in your last post than there is through cyber-theft. Most identity theft is committed because someone stole a credit card number in person and then used it online, not through online theft. It's amazing how many people will refuse to shop online or give out so much as their real name online, and then throw away a credit card statement without shredding it first.

 

[changc]

That's pretty misleading, considering that is was a government website, but one for the department of motor vehicles. There isn't really much needed to hack such a site, and other, more important websites (like military, for example) would have higher security.