According to the website: hindustantimes.com, the website for the Central Bureau of Investigation (CBI) cbi.gov.in, was defaced by a group calling themselves ‘Pakistani Cyber Army’. CBI is connected to the world police organization called Interpol.
Anyone visiting that page was redirected to another page claiming the defacement was in response to Pakistani websites being hacked by a group calling themselves, ‘Indian Cyber Army’.
In addition to the CBI website, the Pakistani Cyber Army also claims to have hacked 270 other websites.
What’s also interesting is that the Pakistani Cyber Army has a Facebook page and a few of the websites we visited in researching this, international news sites, were infected as well, but apparently not from the Pakistani Cyber Army.
This is what’s referred to as ‘hacktivism’ or hacking for a group of activists.
However, keep in mind that while it was simply a defacement, imagine if they had setup some type of ‘drive-by’ download. All the people visiting a trusted .gov.in site would have been infected, or at least been subjected to an infection attempt.
Website security is no longer an option.
Let’s be careful out there, huh?
According to a blog post on Network Solutions website, a few hundred websites were defaced by a file inclusion exploit.
They acknowledged that multiple servers were “hit” with a defacement where the home pages were replaced with webpages containing anti-Israeli graffiti that included graphics of masked gunmen complete with rocket launchers. All this from and a message: “HaCKed by CWkomando.”
As of this writing, many of the sites have been cleaned up and Google searches on that term mostly show people reporting the infection rather than websites that have been hit.
Personally, if it is the result of a file inclusion exploit, then I hardly think it’s Network Solutions fault. It sounds to me to be more like a vulnerability in someone’s code. However, the fact that it affected multiple sites leads me to believe that maybe one site was hit and from there the hackers (cybercriminals) were able to reach other websites on the same server. Then it becomes an administration error which could be the fault of the hosting provider.
I’m not blaming Network Solutions. I commend them for announcing this and working diligently to fix the problem. Too often we work with website owners who have their site blacklisted not due to their fault, but because someone else’s website on the same server has been compromised and the hosting provider just simply throws up their arms and says, “It’s your problem, not ours!”
If your site is hosted with Network Solutions, stay with them and let them help you help yourself. Give them credit for taking control and working through this issue.
They provide a contact for any website owner who has been affected by this: http://networksolutions.com/support/ or on Twitter @netsolcares
Let’s give credit where credit is due. They are not pointing fingers. They are taking control. I applaud them.
Let me know if you agree or disagree.