Smith Gonsalves, Director, RedMigon/Cybersec
Cyber Security has always remained a very sensitive issue but has been neglected by the Mass Media platform, though they are aware about the recurrence and very well aware about how their website can be defaced? By so called Pakistani defacers. Firstly who are the Defacers? They are the script kids or noobs in IT language, they know only SQL Injection which a primary student learning about cyber security is capable of using it, then they use SQL Injection to get in the Database, then they inject Shell in it, through Shell they are capable to Modify the Index file which is the first page of any website after they modify the index page the site gets defaced and this is called Defacing as these people only know to trigger the index file rather than going beyond SQL Injection. Compare to other Countries Indo-Pak cyber war is world famous because Pakistani only have the knowledge to do the defacing work, they are not interested to find zero days (a new vulnerability which people are not aware and completely new) they waste their time doing illogical and sense less work because there are platforms where they can point out loop holes and get acknowledge, bounties from various companies like Google, Facebook but rather than concentrating on bug bounty platform and proving their talent, instead they want to waste their time in harming websites with having capability of going beyond SQL Injection. Then these people post irrelevant things about our nation on the respective websites which are defaced, this situation is faced by many sectors of IT Industry facing problems of Defacing or DDOS attack where the attackers shut down the complete website. These issues can even spoil the reputation of the company or even disrupt the day to day working of the company and can suffer huge loss or start losing its users, as they do not find it safe.
"Media is a major pillar in democracy which actually should be secured by adopting modern means"
Digital India Website was recently found with a shell inserted on the hosting panel, now you people think what could have happened if their systems auditing was not taken care of.
Let’s forget about Private companies but what if I say that our nic/govt. websites or big Media websites are vulnerable to this kind of attacks and you maybe the next victim similar to IIT Mumbai or NGT (National Green Tribunal) Website. Every time when these people deface they trigger the govt. website that means we as a strong nation forward in technology, forward in Advance Military but lacking in securing the Framework. I am not allowed to disclose publicly the sites which currently are vulnerable but these are the effects if you people take security lightly. People don’t understand a simple logic that while are creating an Application in which ever platform with ennumerous of effects, GUI (Graphic User Interface) for providing good
graphics, advance programming, the centralized database management system they ensure a complete flow of the website in order to represent. But lack in providing security mechanism like Firewall/IDS etc. This is complete foolishness in other
words it is like you create your house and don’t have windows and doors to it so that theft can come at any time. Today 90 percent of companies are just secured because they are using good hosting provider’s like Word press or Channel because these
hosting provides ensure complete safety, regular patching of the bugs which are encounter on monthly basis, they don’t have any major server level bug to exploit but then too while designing the application these developer’s make syntax error’s and because there is no one to rectify their mistake Hackers are able to exploit these syntax error’s which can cause a site getting defaced.
Other countries have their own “Cyber Military” to defend/launch attacks. Often we are the victims of it as there is no source from government which supports the security researcher and when there is no support led by government, Indian geeks feel to strike back and again this goes on and on. Do we have a Cyber Military to defend/ launch these attacks? So our new comers can get a base and can get equipped with support and research centers.
Often we hear about etiquettes,but what about netiquette. Often Organizations come forward when they have been breached. My point is why you people are waiting for a cyber-strike? Why do Organizations fail to overcome these issues? Why do you people invite hackers to disrupt your property? Why proper security concerns have not initiated? Like Audits & VAPT (Vulnerability Assessment & Penetration Testing) have not been done to ensure complete safety.
Media is a Major Pillar in Democracy which actually should be secured by adopting modern means. The issue is not over yet we people have accounts over this platform so their security and integrity has always remained a challenging question. There was a lot of news about Information providing or reporting sector getting breached or defaced. Here the security people or Ethical Hackers prevent these issues or give a proper precaution to it. By undergoing these risks your privacy is also being questioned again and again.
In order to avoid these issues every Mass Media platform should adopt “Annual Maintenance Contract” where their server would be checked at proper intervals in order to avoid the latest Vulnerabilities. “Technology is a great asset until its care is taken, the moment we neglect it there is Cyber Strike”. Now the Cyber cells have come up with initiatives to inform big organization weather their system is vulnerable to any kinds of attacks in order to stay safe and secure.