IIT-B website, others hacked
A weak security system in the Education and Research Network (ERNET), the registrar for the domain *.ac.in which is used by educational institutions all over India allowed hackers claiming to be from
A weak security system in the Education and Research Network (ERNET), the registrar for the domain *.ac.in which is used by educational institutions all over India allowed hackers claiming to be from Pakistan divert email and browsing to an external website and not the intended page since Wednesday night. The Indian Institute of Technology Bombay (IIT-B) was one of the websites that got affected.
According to students who take care of some of the sites hosted by IIT-B, ERNET will have to beef up the security and plug loopholes exploited by the hackers to ensure the safety of the websites of educational institutions using the domain.
Abhijit Tomar, who oversees the working of IIT-B’s webpage called Insight said the domain was compromised on Wednesday night and those using the .ac.in domain started getting diverted to an external page which read ‘Hacked by Hunter Jutt 23 rd March Pakistan Day’. “People trying to access the main www.iitb.ac.in website were being redirected to the hacker’s page but the website itself was not hacked nor were the internal services affected.
The hackers had managed to change the DNS record for the www.iitb.ac.in domain, as a result of which people were being redirected to the hackers page,” said Mr Tomar.
Explaining how the hackers managed to do so, Mr Tomar said, “After the hack came to light one of our seniors, Pritam Baral started investigating and within a few minutes realised the source of the problem.
“ERNET being the registrar or keeper of the official records-keeper of DNS needs to beef up the security as Baral found that they seemed to store passwords in plaintext and send it as plaintext in emails when asked. How the so-called ‘hackers’ got access and what level of access did they get is something only ERNET can tell after an investigation. It is possible that they found a general loophole in the website which until now, they have only exploited for IIT-B.”
While all websites using .ac.in domain could have been affected, Mr Tomar said the hackers could have accessed very few sites like that of the IIT-B website as they were using a very cheap server that cannot take heavy internet traffic load.
“It will take a couple of days to understand how many websites have been affected but it can assumed that all websites using the .ac.in domain will be affected until ERNET resets the domain to the original server,” said Mr Tomar, adding that the hackers seemed to be looking for attention and not mean any harm as they did not change any passwords or content.