Thursday October 18, 2018
Home Science & Technology An Indian Ext...

An Indian External Affairs Ministry Official Thanks 17-Year-Old Hacker for pointing out Flaws in Indian Diplomatic Missions’ Websites

Kapustkiy had posted on a web site some personal information of 418 people registered with the mission

0
//
148
Hacking ( representational Image) VOA
Republish
Reprint

New York, November 16, 2016: An Indian External Affairs Ministry official has thanked a 17-year-old hacker who exposed flaws in Indian diplomatic missions’ websites that allowed intruders to gain access to non-public information, and said the problems were being fixed.

“Thank you for your advice,” Sanjay Kumar Verma, Joint Secretary, eGovernance and Information Technology wrote to the hacker who uses the identity, Kapustkiy. “We are fixing codes one by one.”

NewsGram brings to you current foreign news from all over the world.

“Your help in probing websites of various Indian embassies is a great help,” he added.

Kapustkiy, who posted Verma’s message to him on his Twitter account and copied to an IANS correspondent, has broken into websites of Indian diplomatic missions in eight countries.

Meanwhile, the Indian Consulate here said that its website was being secured. Kapustkiy had posted on a website some personal information of 418 people registered with the mission, that he said he got by intruding into its web site.

“The consulate has taken immediate action to secure the contents of its website,” L. T. Ngaihte, the head of chancery, said in a note to IANS.

In addition to the New York consulate, Kapustkiy had broken into web sites of Indian diplomatic missions in South Africa, Libya, Malawi, Mali, Italy, Switzerland and Romania and put some information he had taken from there on pastebin.com, which is open for public posting of information.

NewsGram brings to you top news around the world today.

Kapustkiy, who said he is a student in Tokyo, asserted, “It took me only three seconds to gain access to their database.”

He said that his intentions in carrying out the hack were good and that he did not consider himself a hacker.

“I didn’t want to do any damage but to let administrators to pay attention (to the vulnerabilities),” Kapustkiy told IANS in an interview conducted on Twitter messaging.

He said that he decided to post some information on pastebin.com because he did not get a response from web site administrators when he pointed out the flaws.

“While we appreciate your help, please do not post the details on Paste Bin,” Verma wrote to him.

Check out NewsGram for latest international news updates.

Verma’s response was in reply to Kapustkyi’s email with suggestions on fixing the security flaws. He used ProtonMail, a secure service that operates under the strict Swiss laws that protect the identity of users and the communications.

The personal information from the New York Consulate General that was posted on pastebin.com has been removed while some non-personal information remained as of Wednesday evening. The material from other Indian missions were scrubbed earlier. (IANS)

Click here for reuse options!
Copyright 2016 NewsGram

Next Story

Aadhaar Helpline Mystery: French Security Expert Tweets of doing a Full Disclosure Tomorrow about Code of the Google SetUP Wizard App

0
cryptocurrency. google
Pichai met with senior Republicans on Friday to discuss their concerns, House Majority Leader Kevin McCarthy said. Wikimedia Commons

Google’s admission that it had in 2014 inadvertently coded the 112 distress number and the UIDAI helpline number into its setup wizard for Android devices triggered another controversy on Saturday as India’s telecom regulator had only recommended the use of 112 as an emergency number in April 2015.

After a large section of smartphone users in India saw a toll-free helpline number of UIDAI saved in their phone-books by default, Google issued a statement, saying its “internal review revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were inadvertently coded into the SetUp wizard of the Android release given to OEMs for use in India and has remained there since”.

Aadhaar Helpline Number Mystery: French security expert tweets of doing a full disclosure tomorrow about Code of the Google SetUP Wizard App, Image: Wikimedia Commons.

However, the Telecom Regulatory Authority of India (TRAI) recommended only in April 2015 that the number 112 be adopted as the single emergency number for the country.

According to Google, “since the numbers get listed on a user’s contact list, these get  transferred accordingly to the contacts on any new device”.

Google was yet to comment on the new development.

Meanwhile, French security expert that goes by the name of Elliot Alderson and has been at the core of the entire Aadhaar controversy, tweeted on Saturday: “I just found something interesting. I will probably do full disclosure tomorrow”.

“I’m digging into the code of the @Google SetupWizard app and I found that”.

“As far as I can see this object is not used in the current code, so there is no implications. This is just a poor coding practice in term of security,” he further tweeted.

On Friday, both the Unique Identification Authority of India (UIDAI) as well as the telecom operators washed their hand of the issue.

While the telecom industry denied any role in the strange incident, the UIDAI said that he strange incident, the UIDAI said that some vested interests were trying to create “unwarranted confusion” in the public and clarified that it had not asked any manufacturer or telecom service provider to provide any such facility.

Twitter was abuzz with the new development after a huge uproar due to Telecom Regulatory Authority of India (TRAI) Chairman R.S. Sharma’s open Aadhaar challenge to critics and hackers.

Ethical hackers exposed at least 14 personal details of the TRAI Chairman, including mobile numbers, home address, date of birth, PAN number and voter ID among others. (IANS)

Also Read: Why India Is Still Nowhere Near Securing Its Citizens’ Data?