Dear all,

Regardless of the intention behind the defacement of a government website as described in the message below... I will have to strongly raise my voice of request to take this action very seriously (on both legal and technical grounds).
Possible Impact: Someone with this level of access (for an unknown period of time) could easily have replaced downloads in the website... putting a backdoor in the data it holds within (jpg, pdf, doc, html can all carry a hidden backdoor). Website contents can be replaced & removed periodically to cover up detection. If something malicious had existed, then upon successful infection the backdoor can travel from one government computer to another like a hidden virus that copies itself onto a pen drive...

Remember the sujin.com.np virus, for which Mercantile put up a removal tool, for it was widely spread. ref: http://download.mos.com.np/sujin_Removal_Tool/

I see no reason why the attacker can't manage to put something like sujin_virus in the hacked website that will trigger a similar backdoor with the INTENTION to crack into other government computers as well. Regarding sujin_virus, it is unknown if Nepal Police IT dept. put forward any investigation.

From the seriousness of this crime, it won't surprise me if some computers in the "Ministry of Foreign Affairs" have already been trojaned with a backdoor controlled by someone... and are being monitored remotely. If someone can deface a website and say "Ooops it was just for fun/awareness", I see no reason why he wouldn't choose to take the next step further and "attempt" to hack into government computers and put up an excuse "just to prove my point" or... instead, could get greedy during his act for FUN and attempt to sell the gathered information?

What is @stake? well.....

# All keystrokes that were ever made in the infected computer...
# Documents / Presentations / Proposals / Notes
# Your email conversations / logins-passwords / chat logs / anything-everything you see, anything you have spoken digitally....
# If a victim had a webcam/mic, anything you spoke in front of the computer or anything your webcam can see can also be recorded/retrieved.
If it was foreign, all the government computers that ever accessed or have downloaded data from mofa.gov.np should have been required to go through a thorough security audit/review for possible infection. Regardless of the intention of the defacement... poking around something that symbolizes a national value is a national offense, STRAIGHT - SIMPLE !!! It will be interesting to see how Nepal Police, the media and MOFA will respond to the gravity of this incident.

It is requested to thoroughly review all the contents of the website, comparing it with the original copy, and replace it with a trusted copy. BUT also, it's baseless to blame the hosting provider or the designer. They must have surely served what was in the "business deal" well. "Security audit/assurance" was never a criterion!

---
regards,
-Bipin Gautam
NepCERT (Nepal Computer Emergency Response Team)

On 6/22/08, suraj <[EMAIL PROTECTED]> wrote:
> ---------- Forwarded message ----------
> From: rajan kharel <[EMAIL PROTECTED]>
> Date: Sun, Jun 22, 2008 at 12:10 AM
> Subject: A message wrote by a hacker in the Ministry of Foreign affair site
> To: [EMAIL PROTECTED]
>
> "First of all thanks for deleting the notice I posted yesterday on the front
> page. I hope you might have tried to find where the mistake was and how I
> entered the site and put that message on the front page. Of course you made
> some changes too. But is that enough?? I am not a hacker and don't have any
> motive to harm the site. Being a Nepali it was my duty to inform you guys
> about the dangers. So I wrote an email to admin but there were no changes on
> the site even after a month, so I had to put that message on the front page.
> Please look for all the possible holes and try to avoid my messages on the
> front page. REMEMBER DELETING THE POST IS NOT ENOUGH. You may mail me if you
> find any difficulty. I will be available for help whenever you ask.
> I AM NOT INTERESTED IN DELETING OR ALTERING ANY DOCUMENT IN THE SITE"
>
> plz click here for details: http://mofa.gov.np/# moreover this site is
> developed by yomari.
> Beware of hacker........hehe
>
> --
> Regards,
> Suraj Sapkota
> सुरज सापकोटा
> -----
> This space intentionally has nothing but text explaining why this
> space has nothing but text explaining that this space would otherwise
> have been left blank, and would otherwise have been left blank.
> -Kernel.org
> -----
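The review requested in the message above (compare the site's contents against the original copy before replacing them with a trusted copy) can be done by hashing both trees. This is an added example, not part of the original thread; the directory layout and file names are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()).hexdigest()
    return digests


def compare_trees(trusted_root, live_root):
    """Report files that differ between the trusted copy and the live web root."""
    trusted, live = hash_tree(trusted_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in trusted if p in live and trusted[p] != live[p]),
        "added": sorted(p for p in live if p not in trusted),
        "removed": sorted(p for p in trusted if p not in live),
    }


def demo():
    """Constructed sample: a trusted copy and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted, live = Path(tmp, "trusted"), Path(tmp, "live")
        files = {
            "index.html": b"<html>Ministry home page</html>",
            "downloads/form.pdf": b"%PDF-1.4 original form",
            "images/logo.jpg": b"\xff\xd8\xff original logo",
        }
        for root in (trusted, live):
            for rel, data in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Simulated tampering on the live copy only.
        (live / "index.html").write_bytes(b"<html>defaced</html>")
        (live / "downloads/form.pdf").write_bytes(b"%PDF-1.4 replaced form")
        (live / "notice.html").write_bytes(b"<html>unexpected page</html>")
        (live / "images/logo.jpg").unlink()
        return compare_trees(trusted, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The trusted tree has to come from somewhere the intruder could not reach (an offline backup or the developer's source repository), and the comparison covers files only, not database-held content or server configuration.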
