Tags:
Journalism of Courage
Even as the Indian Government rushed to control damage and assess losses after e-mail account passwords of 13 Indian embassies, National Defence Academy NDA and DRDO were published on the Internet, Swedish 8220;security specialist8221; Dan Egerstad said it took him only a few minutes to figure out the account details due to a lack of basic cyber security.
Within hours of the story appearing in The Indian Express, the DRDO mail server was shut down and all embassy e-mail accounts were taken offline by the Ministry of External Affairs MEA. However, it will take cyber forensic experts several days to get an idea of how much confidential material was illegally accessed.
Egerstad, who published passwords of 100 e-mail accounts of embassies and Government offices across the world on his website, said he stumbled across the details easily, but did not misuse them.
8220;Anyone with moderate skills in security could have figured this out and done it. It is easy and the embassies are at fault for not being able to understand the software they are using,8221; said Egerstad, a Malmo-based security specialist, who does 8220;a lot of work around Sweden and Denmark8221;.
Egerstad pointed out that an expert agency may have used the security loopholes to keep a constant watch on the accounts. 8220;It is possible that someone else had been doing this for a long time. Theoretically, every mail may have been copied,8221; he said.
Meanwhile, the MEA, hit the hardest with passwords from embassies in Sweden, Oman, Italy, Belgium, China, Germany, Finland and USA being published online, refused to comment on the incident.
The Ministry of Defence MoD, however, said it was conducting a detailed investigation into the incident. DRDO confirmed that the hacked account belonged to a Defence Scientific Information and Documentation Centre DESIDOC official, but it was rarely used.
8220;The official confirmed that this mail account was rarely being used for communication and contained only unclassified information. The DRDO, however, is conducting detailed investigation and assures, at first glance, there seems to be no security concern,8221; a DRDO statement read.
While an internal audit is on, sources said the ministries are likely to appoint external cyber experts to review security.
