Databases of Indian embassies leaked online. Too easy hack them

The databases of the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya were leaked online by two grey hat hackers.

Today I was contacted by a security pentester who goes online with the moniker Kapustkiy who revealed me to have breached the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy and his friend Kasimierz (@Kasimierz_) told me that they were initially white hats in the past, but decided to change to grey hats to get the media attention and force many administrators of websites online to seriously consider cyber security.

The duo exploited SQli injection flaws in the targeted websites and gain access to the databases. They confirmed me that many Indian embassies are vulnerable to such kind of attack.

They breached a total of 7 databases containing names, surname, email addresses and telephone numbers.

The duo leaked online the content of the hacked databases. The data are available on Pastebin at the following URL

http://pastebin.com/GqJcwSSc

Unfortunately, such kind data leaks are very dangerous, especially for the security of diplomatic personnel. We cannot forget that the personnel working in the embassies are privileged targets of nation-state actors conducting cyber espionage campaigns.

In May, security experts from PaloAlto Networks collected evidence that the Operation Ke3chang discovered by FireEye in 2013 is still ongoing. Back in 2013, the security researchers at FireEye spotted a group of China-Linked hackers that conducted an espionage campaign on foreign affairs ministries in Europe. The campaign was named ‘Operation Ke3chang,’ and in March the same hacking crew was spotted targeting personnel at Indian embassies across the world.

The Operation Ke3chang is only one of the numerous campaigns that targeted diplomats worldwide, for this reason, it is important to ensure a proper security posture to secure data managed by embassies across the world.

Now the data belonging to the personnel working in the Indian Embassies in the above countries are available online.

I had no opportunity to check the authenticity of the data, I tried to reach the embassy online but at the time I was writing the website of the Indian Embassy in Rome is unavailable.

Update

All the websites are down a few hours after the data leaks. Data appears to be legitimate.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Indian embassies , data breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.