Thursday, October 4, 2007
Hacked: Email inboxes of Indian missions in US and China; NDA, DRDO officials too
Taking a dig at cyber security preparedness levels, a hacker, who claims to be based in Sweden, posted online on the evening of August 30,2007 the passwords of 100 email accounts of embassies and government offices across the world, including 13 Indian accounts, containing classified information and correspondence.
Top on the list of passwords that have been posted on http://derangedsecurity.com give access to email accounts of Indian Ambassadors to China, US, Sweden, Germany, Italy, Oman, Finland besides officials of the National Defence Academy (NDA) and Defence Research and Development Organisation (DRDO).
Other accounts include those of the embassies of Uzbekistan, Iran, Afghanistan, Pakistan, Japan, China, UK and Russia.
To check the authenticity, The Indian Express sent a test mail to the Indian Ambassador in China on her official email ID and, using the password posted online, was able to access it. The email account of the Indian Ambassador to China contained details of a visit by Rajya Sabha member Arjun Sengupta to Beijing earlier this month for an ILO conference. There was also a transcript of a meeting this evening which a senior Indian official had with the Chinese Foreign Minister.
Similarly, accounts of NDA and DRDO officials reveal phone numbers, commercial documents, official correspondence and personal mails. The account of the Indian embassy in Germany contains a query by two IIM (Calcutta) students about safety in the wake of recent racial abuse cases in West Germany.
While it remains unclear how the passwords were accessed by the hacker — he has posted his name on the website as Dan Egerstad from Malmo in Sweden and even gave contact details — Indian experts said that loopholes in POP (post office protocol) mail servers could have been exploited to gain access.
“A POP server that had not been updated for security could have been exploited by the hacker to get usernames and passwords,” said a cyber security expert who did not wish to be named.