Sunday December 15, 2019

An Indian External Affairs Ministry Official Thanks 17-Year-Old Hacker for pointing out Flaws in Indian Diplomatic Missions’ Websites

Kapustkiy had posted on a web site some personal information of 418 people registered with the mission

CEH Certification has now become one of the most common courses to take up in this present era where technology has already driven people crazy regarding its fabulous results and outputs. VOA

New York, November 16, 2016: An Indian External Affairs Ministry official has thanked a 17-year-old hacker who exposed flaws in Indian diplomatic missions’ websites that allowed intruders to gain access to non-public information, and said the problems were being fixed.

“Thank you for your advice,” Sanjay Kumar Verma, Joint Secretary, eGovernance and Information Technology wrote to the hacker who uses the identity, Kapustkiy. “We are fixing codes one by one.”


“Your help in probing websites of various Indian embassies is a great help,” he added.

Kapustkiy, who posted Verma’s message to him on his Twitter account and copied it to an IANS correspondent, has broken into websites of Indian diplomatic missions in eight countries.

Meanwhile, the Indian Consulate here said that its website was being secured. Kapustkiy had posted on a website some personal information of 418 people registered with the mission, which he said he got by intruding into its website.

“The consulate has taken immediate action to secure the contents of its website,” L. T. Ngaihte, the head of chancery, said in a note to IANS.

In addition to the New York consulate, Kapustkiy had broken into web sites of Indian diplomatic missions in South Africa, Libya, Malawi, Mali, Italy, Switzerland and Romania and put some information he had taken from there on pastebin.com, which is open for public posting of information.


Kapustkiy, who said he is a student in Tokyo, asserted, “It took me only three seconds to gain access to their database.”

He said that his intentions in carrying out the hack were good and that he did not consider himself a hacker.

“I didn’t want to do any damage but to let administrators to pay attention (to the vulnerabilities),” Kapustkiy told IANS in an interview conducted on Twitter messaging.

He said that he decided to post some information on pastebin.com because he did not get a response from web site administrators when he pointed out the flaws.

“While we appreciate your help, please do not post the details on Paste Bin,” Verma wrote to him.


Verma’s response was in reply to Kapustkiy’s email with suggestions on fixing the security flaws. He used ProtonMail, a secure service that operates under the strict Swiss laws that protect the identity of users and their communications.

The personal information from the New York Consulate General that was posted on pastebin.com has been removed, while some non-personal information remained as of Wednesday evening. The material from other Indian missions was scrubbed earlier. (IANS)


HackerOne Pays $20K to User who Hacked its Own Platform

Hacker-powered security is a technique that utilises collaboration with the hacker community to find unknown security vulnerabilities and reduce security risk. Popular examples include bug bounty programmes and vulnerability disclosure policies

Hackers have the power to bring down your website or your entire network if they so wish. Pixabay

Facing an embarrassing situation, San Francisco-based HackerOne, a vulnerability coordination and bug bounty platform that boasts of clients like Starbucks, Instagram, Goldman Sachs, Twitter and Zomato, has paid $20,000 to a user who exposed a vulnerability in its own bug bounty platform.

The vulnerability was exposed by a user with the handle “haxta4ok00”, who has now been paid $20,000 by HackerOne.

“A hacker had access for a short time to information relating to other programmes running on the HackerOne platform.

“Less than 5 per cent of HackerOne programmes were impacted, and those programmes were contacted within 24 hours of report receipt,” HackerOne said in a statement this week.

The hacker and HackerOne community member posted a report to the bug bounty platform: “I can read all reports @security and more programmes.”

While 85 per cent of people own a smartphone, 54 per cent believe the technology is spying on them. Pixabay

HackerOne responded: “We didn’t find it necessary for you to have opened all the reports and pages in order to validate you had access to the account. Would you mind explaining why you did so to us?”

Haxta4ok00 said: “I did it to show the impact. I didn’t mean any harm by it. I reported it to you at once. I was not sure that after the token substitution I would own all the rights. I apologise if I did anything wrong. But it was just a white hack.”

In August this year, HackerOne revealed that hackers earned $21 million in just a year reporting vulnerabilities via various bug bounty opportunities as governments’ efforts to fix malware increased a whopping 214 per cent globally.


Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakh) to 435 hackers to date for finding and fixing bugs on its platform.

With the help of HackerOne’s bug bounty programme since July 2017, Zomato has successfully resolved 775 vulnerability reports.

Hacker-powered security is a technique that utilises collaboration with the hacker community to find unknown security vulnerabilities and reduce security risk. Popular examples include bug bounty programmes and vulnerability disclosure policies. (IANS)