The website of the Principal Comptroller of Defence Accounts (Officers) of the Indian Army has been hacked and sensitive information about defense personnel stolen, an English newspaper reported.
The MoD and the Army are looking into the matter, which is being kept low-key to avoid panic among officials. Many fear that their provident fund or travel allowance/dearness allowance might have been stolen.
‘We have no clue what might have happened to our salary because we are not able to access our salary slips. The hackers have hit where it hurts the officer corps the most,’ a Major General told the Times of India.
PCDA is the financial center of the army. Defense personnel access information about their salary, receipt of claims, proof of IT returns and PF withdrawals from the site.
Many officers feel that the authorities have shown a laid-back attitude to the issue.
Initially the site could be accessed, but there was an ad at the bottom. Later the site could not be accessed at all.
While the defense spokesperson denied having any knowledge about the hacking, the PCDA spokesperson attributed the glitch to ‘modification of computer system’ and said the site will resume shortly.
Researchers have found a serious vulnerability in the LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.
The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.
For example, an attacker can upload secret company documents, and to network operators or law enforcement authorities it would look as if the victim is the perpetrator, said researchers from Ruhr-Universität Bochum, a public university.
“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from the Horst Görtz Institute for IT Security.
Only changing the hardware design would mitigate the threat. The team is attempting to close the security gap in the latest mobile communication standard, 5G, which is currently being rolled out.
“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.
The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.
However, it is possible to modify the exchanged data packets. “We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht. By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.
Not only can they convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.
The researchers from Bochum used so-called software-defined radios for the attacks. These devices enable them to relay the communication between mobile phone and base station. Thus, they trick the mobile phone into assuming that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio were the mobile phone.
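The lack of integrity protection described above, shown as an added example that is not from the article or the researchers: a receiver that only decrypts accepts a bit-flipped packet, while one that also verifies a tag over the ciphertext rejects it. The SHA-256 counter keystream is a toy stand-in for the link encryption, and the keys, nonce and packet are constructed values.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream (SHA-256 based); a stand-in, not a real link cipher."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (same operation both ways)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers nonce and ciphertext."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Return the plaintext, or None if the packet was modified in transit."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_crypt(enc_key, nonce, ct)

def flip(data: bytes, offset: int, mask: bytes) -> bytes:
    """Model in-transit modification: XOR `mask` into `data` at `offset`."""
    out = bytearray(data)
    for i, m in enumerate(mask):
        out[offset + i] ^= m
    return bytes(out)

def demo():
    enc_key, mac_key, nonce = b"E" * 16, b"M" * 16, b"\x00" * 8   # constructed values
    packet = b"seq=0007;len=0012;data=hello world!"               # constructed packet
    mask = b"\x01\x00\x80"                                        # arbitrary bit flips
    ct, tag = seal(enc_key, mac_key, nonce, packet)
    tampered = flip(ct, 10, mask)
    # Encryption only: the receiver decrypts without complaint, and the
    # plaintext differs from the original in exactly the flipped bits.
    unchecked = xor_crypt(enc_key, nonce, tampered)
    # With integrity protection: the same modification is rejected.
    checked = open_sealed(enc_key, mac_key, nonce, tampered, tag)
    intact = open_sealed(enc_key, mac_key, nonce, ct, tag)
    return packet, unchecked, checked, intact, mask

if __name__ == "__main__":
    packet, unchecked, checked, intact, _ = demo()
    print(packet, unchecked, checked, intact, sep="\n")
```

The per-packet tag is the "additional protection" whose extra transmitted data Rupprecht refers to in the quote above.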