While Eastern Railway took almost two and half hours to restore the site to normalcy, visitors to the site continued to be attacked by Trojan virus. ER officials could only primarily trace the roots to Toronto in Canada after repeated top-brass meetings all through the day.
As spotted by FE in the morning, the official site of the Eastern Railway-www.eastern railway.gov.inwas hacked on Wednesday. When opened, the scroll on the site which normally consists of official announcementshad unusual notes. The first note read: Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008). This was followed by two other notes: Indians hit hard by Zaid Hamid and We are f**ked up Indians. You are hacked.
When clicked, the scroll opened into a new window which claimed that Mianwalian of Whackerz has hacked the site in response to the air violation of Pakistan. It also claimed that it will continue to hack more Indian military and government sites. The threat note also claimed that servers of Indian financial institutions will also be hacked with the help of the groups members working in computer departments of foreign companies. Data belonging to Indian nationals (only Hindus) will be destroyed eventually, it added.
Another threat note asked the visitors of the website to watch the real Indian conspiracy in Mumbai attacks on the website-www.brasstacks.pk. Brasstacks claims to be a unique Pakistani think tank devoted to the study of regional and global political events and their implications for Pakistans security and interests. The note ended with the slogan Long live Pakistan.
The third note, which showed the hackers apathy towards India, Israel and USA, challenged Indians to save their motherland from turning into pieces.
When contacted, ER officials seemed unaware of the entire incident and the site remained as it is for almost an hour, till 11.40am, after which ER blocked it. The website resumed to normalcy after 12, when the threat notes in the scroll as well as in the news and events section were removed.
Our sites have cyber security certificate from US-based Thawte, said an ER official. We have informed the service provider and will get a detailed response from them only after 24 hours, he added.
According to a cyber security expert, similar attacks can be done through SQL injection method. In case of a SQL injection attack, webpages with active content like feedback forms are used. Attackers can write malicious commands in the forms through a rich text format and get control over the database of the target site.