India's vulnerability to cyber attacks is once again out in the open. Hackers from Algeria carried out a successful attack on websites run by the Defence Research and Development Organisation, the Prime Minister's Office and five other government departments.
The message pasted on the websites, after they were compromised, read: "By SanFour25, Alegerian Hackers."
The sites hacked include DRDO's Recruitment and Assessment Centre, West Bengal's police department, Directorate of Estates (Ministry of Urban Development), Biotechnology Industry Research Assistance Council, and Rehabilitation Council of India.
Government sources say that while this was a major operation, there is no sign of data theft as of now. Investigations are still on and the government is trying to restore the websites.
The notorious hacker group SanFour25, based out of Alegeria, have carried 40 attacks so far. Most of them had targeted Israel.
Government sources said usually SanFour25 does not leave any message on the server. Most of the time the group's intention is to embarrass the government. For this, the group targets sensitive government websites - like DRDO's in India. There have been very few cases where the hackers attacked a website to steal data.
Some of the websites, hacked late Wednesday night, were sensitive ones. Authorities became aware of the attack only after they stopped functioning. The news spread when Zone-h.org listed these websites. Zone-H is a portal for cyber security-related news.
Of all the websites attacked, the most sensitive is Recruitment and Assessment Centre. The DRDO operated website deals with recruitment of scientists. The website is down since the attack.
Officials are assessing the nature of attack on the website, as it contains information on the DRDO scientists. According to sources, the hackers could have attacked the website to get details of
Intelligence Bureau officials said the fact that the group is an Algerian; it makes the issue extremely sensitive. SanFour25 could be part of a terrorist outfit in Algeria. There are at least 20 terrorist groups in the country - classified as dangerous - with direct link to Al-Qaeda. The latter recruits from these groups.
Referring to the incident in August this year, where a DRDO employee was arrested for links with terrorist, sources said that the hackers could be looking for possible candidates within DRDO.
This is the first time an Algerian hackers attacked India. In the past, these hackers had their focus on the west.
The second prominent attack was on Advisor to the Prime Minister on Public Information's website. Though the data on this site is not as sensitive as DRDO's, the attack was meant to embarrass the establishment, according to officials. Sources said that the government cannot take this attack lightly and it needs a thorough investigation.
Prior to this attack, a group called Pakistan Cyber Army had hacked into Indian Websites. But those attacks were only meant to show their might over the Indian cyber security system, and they left messages mocking the government. However, in the latest attack there were no messages left. This act strengthens the believe that the hackers' intention was to get data.
Cyber security experts said that it is time now to move beyond Pakistan and look at the threats India faces from various other groups and nations. One such threat is from China, which has been creating cyber battalions specialised in breaking into networks.
Earlier this year, the systems at the Naval Command in Vishakapatanam were hacked. The hackers had planted a mole in the system to gather information, which was relayed to an IP address in China.
These series of attacks show that India's systems are not up to the mark and the country's need to beef up its cyber security. There is a need for at least 400,000 ethical hackers in order to secure the country's systems.