Graham Cluley’s blog

The official website of Eastern Railway, part of the state-owned Indian railway network, was struck by an SQL Injection attack earlier this week by a hacking gang believed to be based in Pakistan.

According to reports, the www.easternrailway.gov.in website was defaced with messages such as "Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan", "Indians hit hard by Zaid Hamid" and "You are hacked".

A further message was displayed claiming that the website had been hacked as a response to an alleged violation of Pakistan's air space by India earlier this month.

Officials at Eastern Railway claim that the website hack was achieved through an SQL injection attack, similar to the others that we see everyday striking websites around the world installing malware.

As far as we can tell, no malware was installed during this SQL injection attack, for which everyone should be grateful. Nevertheless it's embarrassing for the companies concerned that their websites were not written more securely in the first place to prevent the hack attempt from succeeding.

Of course, this is not the first time that Indian and Pakistani hackers have attacked each other's country via the internet. For instance, in 2002 Pakistani government websites were struck by a denial of service attack, and aggressive messages have been embedded inside viruses threatening Pakistani hackers.

Posted on December 26th, 2008 by Graham Cluley, Sophos
Filed under: WWW

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Hackers infect BusinessWeek website via SQL Injection attack
• Chinese hackers deface film festival website
• Hackers strike Large Hadron Collider website
• Hackers attack German Interior Minister's website
• Indian government computers hit by Chinese spyware attack?