Leading Indian news agency becomes victim of cyberterrorism

Wed, Feb 11, 2009 Tweet Vote on HN Indo-Asian News Service (IANS) is one of India's leading news wires. Their news is available to subscribers only and among their clients are various newspapers and news websites. They are one of the fastest text news services and often among the first to break news. Last night, their website was hacked (or to be politically correct I should say defaced or owned) allegedly by hackers based at Pakistan. These criminals did not take down the entire website, it was worse. They put in derogatory stories against India within the wire. To news websites syndicating their news, it would seem like a genuine news from their end. Here is a screenshot of their latest post today morning. At the time of writing (Feb 11th 10am or 8:30 Indian time) the IANS website is still unaccessible Some observations about IANS

1. It uses PHP
2. The client side coding is very pathetically done, Very likely the backend is just as bad or worse
3. Their servers(at Delhi) uses "TATA Communications" as ISP meaning it is either self hosted or at a datacenter.
4. Uses windows for webservers (This is AFAIK, website is down now, so cant probe to be sure) correction it is on Red Hat

What ticks me off is that this is such an important site it should be much more secure. The traffic to the site may be negligable, but if at all you are a newsjunkie, it is highly likely that you read stories from IANS on a daily basis on other websites/newspapers. Edit : 9am IST the website is back online UPDATE : 4:05 pm (Indian Time) IANS has published the following message on their wire :-

Dear Subscriber, The IANS website -- www.ians.in -- was targeted by Pakistani hackers last night. The hackers gained entry into the site and began uploading abusive content. This was noticed around 1 a.m. by our technical staff, who immediately began clearing the offensive content. To prevent any damage to the database, the site was shut down for a few hours. Meanwhile, we are further strengthening our security systems to prevent the recurrence, as far as possible, of any such incidents in the future. Any inconvenience caused to subscribers is deeply regretted. Best regards, Partha Sarathi Mitra C.T.O. IANS

Some things worth noting:

1. There appears to be 2 attacks not 1, one around midnight-ish and one few hours later. Messages from the first attack was deleted, service resumed normally, then there was another attack.
2. If site was intentionally shut down then why no message on it?
3. Cant seem to find any reassurances that our contact details, etc are safe... Did they steal anything?
4. No email communication from them yet. This message was just put into the wire along with 100s of stories, very easy to miss.