3 Wipro employees arrested for hacking UK firm TalkTalk

Three Wipro employees in Kolkata have been arrested in connection with a security breach in the customer records of a UK-based telecom client TalkTalk, a development that could have major implications for the IT company.

A TalkTalk spokesperson said it is reviewing its relationship with Wipro. The British media carried the news on Wednesday, given that TalkTalk is a major fixed line broadband and voice telephony services company, with revenue of 1.7 billion pounds.

TalkTalk had suffered a major cyberattack in October that had compromised the personal and financial details, including bank account information, of some 1,57,000 customers.

For Abidali Neemuchwala, who takes over as Wipro CEO on February 1, this would perhaps not be the kind of beginning he had looked forward to. Industry analysts said he would have to tighten internal controls in the BPO operations and may take disciplinary action against senior executives to assuage client concerns. And this at a time when the company needs to focus on improving its growth rate, which has been significantly lagging those of peers.

The criminal acts by the Wipro employees were discovered when TalkTalk conducted a forensic review of all its operations following the October cyberattack. The forensic review was to ensure that all aspects of TalkTalk’s security — including that of its suppliers — were as robust as possible. It had hired defence company BAE Systems to investigate the cyberattack.

“As part of the review, we have been working with Wipro and the local police in Kolkata. Acting on information supplied by TalkTalk, the local police have arrested three individuals who have breached our policies and the terms of our contract with Wipro,” the TalkTalk spokesperson said.

TalkTalk, which competes with British Telecom and Virgin Media, selected Wipro BPO as one of its strategic partners for its outsourced contact centre operations in 2011. Over 1,000 employees at Wipro’s Kolkata centre are involved in providing customer and technical support services for TalkTalk’s broadband and fixed-line telephony. Since 2011, the BPO contract has expanded to cover mobile and IP TV services.

Sources told TOI that the size of deal could be 70 million pounds spread over six years. But this could not be confirmed. TalkTalk spokesperson Isobel Bradshaw said, “Sadly, we cannot comment on the details of our relationship or contract with Wipro, as it is commercially sensitive.”

 

Wipro helped TalkTalk reduce complaints that cause customer churn. Wipro is using analytics to understand customer behaviour with relevant and customized interactions. The partnership with Wipro was expected to help TalkTalk reduce $2 million in cost annually and increase $1 million in its revenue through improved ARPU. Wipro’s 5,000-employee contact centre in Kolkata does work for other clients including Vodafone.
When TOI contacted Wipro on the matter, the company said it is committed to maintaining the integrity and confidentiality of all customer data and has a zero-tolerance policy on security breaches.
“Working with our customer, Wipro reported potential illegal activity to the relevant law enforcement authority in India, as soon as it came to the company’s attention. Wipro is working closely with the customer in the investigation and will continue to extend its full co-operation to the investigating authorities. We are unable to comment on the matter that is currently under investigation,” a statement said.
Infosys’s BPO operations had suffered a similar embarrassment in late 2014 when it was found that several junior and mid-level employees had participated in the overbilling of Apple, a major Infosys client. It led to the exit of the CEO and CFO of the BPO operations.

 

Source : TOI

Indian Hackers Attack Pakistani Websites In Response To Pathankot Terror Attack

An Indian hacking collective named Indian Black Hats has defaced multiple Pakistani websites. This Kerala-based group has dedicated the attack to the little daughter of a Pathankot terror attack martyr. The group told fossBytes, “Harming is not our aim..but if anyone pick their eyes on our mother India..we stand for it”.

In response to Pathankot terror attack, an Indian hacking group has attacked multiple Pakistani websites, including Pakistan Bar Council’s website.The hackers have dedicated these attacks to the 18-month old daughter of Pathankot terror attack martyr, National Security Guard (NSG) officer Lieutenant Colonel Niranjan Kumar. This hacking attack was carried out by Indian Black Hats group based in Kerala.

The hacked websites include:

www.csd.gov.pk
www.pakistanbarcouncil.org
www.mona.gov.pk
www.fotile.pk
www.maslamsons.com
www.cpakgulf.org
www.solp.pk

A member of the Indian Black Hats said: “Harming is not our aim..but if anyone pick their eyes on our mother India..we stand for it”.

On the defaced websites, this hacker collective has posted this message

This Attack is dedicated for VismayA, the daughter of NSG Commando Lt Col Niranjan!! A Big Salute from team IBH To the familys of brave soldiers who lost their life in Pathankot Attack!! A Small Tribute to those Brave Soldiers who Laid their Precious Life for our Country and our People!!

RIP Brave Souls of Pathankot !! We Are Proud Of You Guys !! Bharat MaataKi Jai !! Vande Matharam !!

We forgive…

We forget..

Don’t Expect Anything from us.. !!

With F**K FrOm: Ind_Cod3r & L!u M!nyu

When asked about the extent of hacking and access to the database of hacked website

“Yes we have full access to their database through which we had the admin info and get into their server”. – IBH

For those who don’t know, Indian Black Hats (IBH) is an Indian hacking collective that started in 2011 with name Indian Cyber Devils.

Add your views in the comments below. For more updates, stay tuned with Professional India.

Source : FossBytes

Indian hackers ‘pay back’ Pakistan for 26/11

A Pakistani government website hacked by Indian hacker.

Team Indian Black Hats hacked around ten Pakistani websites, including a high profile Pakistan government website.

A group of Indian hackers, calling themselves the Indian Black Hats have launched a symbolic cyber attack against Pakistan for the 26/11 Mumbai attacks, by hacking into two government sites and around 10 non-government domains on Thursday, the fourth anniversary of the terror attacks.

According to one of the hackers, the attack which began in the wee hours of Thursday was led by ‘team Indian Black Hats’, a group of like-minded hackers from across the country. The same team was in cyber space from 2011 to 2013 under the name Indian Cyber Devils, and after a brief lull with members continuing to be active with various other hackers’ groups, had revived itself from January 2015.

The websites that the Indian Black Hats hacked till evening on Thursday were www.csd.gov.pk and www.mona.gov.pk, while a variety of non-government domains, including www.metroshoes.com.pk, as well were hacked by the Black Hats. The “attack” was launched as a tribute to the martyrs of 26/11, they said, adding that the “payback” was still on.

Incidentally, a similar group, Mallu Cyber Soldiers, had earlier hacked several Pakistani government websites in retaliation to an attack by Pakistani hackers on the Kerala government’s website in September apart from mounting a cyber war of sorts against websites that allegedly were part of online prostitution rackets.

Class 12 student, Rony Das finds Gauhati University website highly insecure, says can be hacked through phone.

What if someone could access your graduation results and alter the same at will? Students of the region’s prestigious Gauhati University aren’t aware that their marksheets stored on the servers of the university could be easily accessed by a mid-level cyber expert with chances of serious compromise to the data. A Bongaigaon-based class XII student found flaws in the network server of the university and has access to their backend and complete database. Sounds scary?

Rony Das, a class XII student of Bongaigaon Railway HS School hacked into the servers of the Gauhati University website through his Android phone in December last year and informed the university registrar through a mail immediately. While Rony thought the vulnerabilities he pointed out to the university was rectified, he was shocked to find that the issue wasn’t resolved till last week. Rony again mailed to the university, but nothing was done.

“I am a web security enthusiast and while researching on security faults, I managed to access the Gauhati University control panel with ease through my Android phone. What if someone with bad intentions exploits the vulnerabilities and play with the future of thousands of students studying in the university?” Ronny said while talking to TOI.

When contacted, Gauhati University officials were caught unaware on the issue. While the system admin at the university said they will look into the matter on Thursday, VC Mridul Hazarika told TOI that he will take action at the earliest. “I should thank you for intimating me about the issue. I am not informed about the same but I am happy that the ethical hacker choose to inform us about the vulnerability beforehand,” Hazarika said. He added that if needed the hacker’s opinion in securing the servers will be sought and students shouldn’t worry as their data will be secured on priority.

Rony shared a video with TOI which showed how easily he could access the database of the university and everything – including marks – could be altered through a mobile device. While surfing for similar vulnerability, the information security enthusiast also managed to find flaws in the content management system of a political party’s website.

Rony’s father is a tailor in Bongaigaon. The young prodigy wishes to pursue higher education in information security from Mumbai/Pune. “I am a self-learner and hope that with proper education I will be able to be an information security expert and serve the country. With regular news of web hacks by hackers from other countries, India should better its stealth. Hope I achieve my aim some day,” he said.

Source : TOI

 

While talking to Professional Hackers India, Rony Shared the self captured image of TOI news paper cutting.

Cyber-war: Indian hackers hack 250+ Pakistani websites after attack on Kerala govt’s website

New Delhi: Seems like India and Pakistan are locked in a digital war!
Late Saturday night, the official website of the Kerala Government: kerala.gov.in, was hacked by a person identifying himself as Faisal Afzal aka ‘Faisal 1337′ for reasons unknown.

Well, someone had to retaliate! Within a few hours of the attack, an Indian hacking group hacked more than 250 Pakistani websites, which included official website of Pakistan’s President, official website of Pakistani Govt., official website of Pakistani Railways.

Going by the name, “The Mallu Cyber Soldiers” the group claimed responsibility of the retaliation and announced their act as payback to the Pakistani hack of the Kerala Government’s website.

They also posted a message on their Facebook page, “!!Message to Script Kiddies of Pakistan ….Do not touch Indian Websites !!! Now your 46 Pakistan government websites got crashed and 4 educational websites got defaced. This is a small payback for hacking kerala.gov.in. Faisal 1337 go home kiddo, you are F*ucked.

 

Source : Zee News

There’s an Indo-Pak cyber war afoot, and the governments have nothing to do with it

The take-down of the Kerala government website on Sunday has wildly escalated into a full scale cyber war between the two countries. The problem is, the war seems to have been started, and is being continued by individual players with nothing to lose.

Yesterday, news emerged that the Kerala government’s official website, kerala.gov.in, was hacked and defaced by a “suspected Pakistan-based hacker”. The police cyber cell is still probing the incident, and the website has since been restored.

However, mere hours after the incident came to light, hackers here in India had formulated a plan of their own. What has followed can only be described as coordinated cyber warfare, with at least 227 Pakistani websites being attacked, though that number has probably spiked since I’ve written this article.

The “counter attack”, titled #OpPak, is backed by a number of hacker groups in the country and, though a ring leader can be tough to identify, the main players are easy enough to pick out. Hell Shield Hackers is one of the groups leading the charge, a team comprised of hackers [email protected]@rus, Psychotic overload, Distroyer 404, poison operator, Darka NSH, and IN73CT0R D3VIL. Though there are likely other members, various tweets confirm that these few are the currently active members. There’s also theMallu Cyber Soldiers and IndiShell, who don’t seem to be active on Twitter right now, but are still thanked on a Pakistani website that was defaced.

Among the many Pakistani websites listed here that were defaced, hacked, or DDoS’d, a lot of them are government websites. Meanwhile, the hacker behind the Keralagovernment attack was one Faisal Afzal, a coder who has attacked Indian institutional websites in the past. And the Kerala government website wasn’t his only target it seems. Faisal 1337, as he calls himself, has also identified http://banking.csc.gov.in, http://insurance.csc.gov.in, http://gokdelhi.kerala.gov.in/, and even the Chennai customs website, earlier on September 26.

Hell Shield Hackers

Indian Hackers havent hacked a single pakistani site after 15th August 2015. But Faisal Afzal hacked kerala.gov.in .. Dude? We are not sleeping . If you even touch a Indian site, we will crush you up.. :3 .Now feel the heat pakistan.gov.pk hacked.

The Indian teams have taken up the mantle of avengers, calling themselves India’s “cyber warriors”. Some might see this as an overreaction to one man’s hacking. Others might see it as righteous payback for a slight from a Pakistani man, a country we have longed viewed with contempt, and vice versa. But is anyone else (like me) absolutely terrified by this entire thing? Let’s be clear, it does inspire a twisted sense of awe to see so many hackers unite under one banner to “defend” their national pride. But, at the end of the day, it’s likely not the hackers that will suffer the consequences of a cyber war.

One Pakistani hacker defaced an India government website but, to be fair, Hell Shield Hackers have themselves clearly stated that they attacked various Pakistani websites on August 15. This kind of back and forth isn’t really something that can be controlled by cyber security forces; there simple isn’t enough man power to monitor every individual, but at least it’s confined to a manageable level. But the scary part is that, our own hackers responded to this singular incident with brute force, taking down at least 227 websites in return. In war terms, that would be like responding to a cross-border raid by one platoon with a full-scale tank invasion of a border town. And you can be sure neither party is going to pull the plug easily; escalation begets itself, and it’s likely only a matter of time before Pakistani hackers rally and launch a counter attack of their own.

And the problem with these hacker teams duking it out is that their targets aren’t each other, but instead the institutions that they claim to be representing. A hacker team won’t be hurt a cyber attack, only the victim country’s functioning will. And yet, the tit-for-tat will continue, with hackers dealing out insults, and countries suffering the blows. It’s a mercenary war with countries on the line. And it’s likely to get very ugly very soon.

Self-taught ‘cyber sleuth’, all of 21, may train Mumbai Police soon

In a short span of a year, Shubham Singh, 21, a self-taught hacker, has lectured the Mumbai Police on ethical hacking and helping solve complex cyber crimes.
The Ghatkopar resident has impressed police officers with whom he worked, and it is very likely that he would be training the police force in battling cyber crime once his proposal is cleared.

In one of his earliest cases, Singh helped the police in Ghatkopar track how a man was receiving large sums of money from his girlfriend, even though her parents had rejected proposals of marriage.

“Through call data records of the woman’s phone, I found that she was in constant communication with him and would transfer money by operating her bank account through her phone,” he said.

Singh subsequently graduated to helping crack banking frauds and crimes committed on social media.
He was lecturing at an institute in Vikhroli last year that one of his professors put him in touch with the police. He hasn’t looked back since.

“He’s a very helpful boy. He visits us often and volunteers help. In the past three months, he has helped us crack several cases.”

said Shankar Dhanawade, senior inspector, Pant Nagar police station.

The youngest of three brothers, Singh was raised by a homemaker mother and a father who works at the BEST Undertaking.

By the time he turned 15, the intricacies of hacking had aroused his curiosity, but it was a seminar he attended at IIT Bombay that year that began his initiation. “I began to read magazines and attended seminars and signed up for courses in hacking. But none of those was a substitute for practice. I taught myself,” he said.
Singh now runs his own set-up — Cyber World Academy in Vikhroli — in partnership with West Bengal native Soumya Mondal.

The duo have tailored a course in cyber crime investigation for the police and would be offered free of cost once the proposal is approved.

“We received the proposal two months ago and it is under consideration. We are studying its contents and working out how it is to be implemented,”

said Dhananjay Kulkarni, Deputy Commissioner of Police, Crime.

The course has 25 modules which include cyber forensics, examining digital data and digital evidence, investigating email attacks and Internet protocol (IP) addresses, and cyber warfare and terrorism.

Singh adds that 18 officers of sub-inspector rank upwards have already begun taking his course.
Singh is currently pursuing a Bachelor in Computer Administration from Pune’s Tilak University and wants to depoly his skills in the service of the Police.

“The best option for me is to join the police. After graduating, I will either appear forthe Maharashtra Public Service Commission exams or the Central Bureau of Investigation (CBI) exam,”

he said.

Indian-origin man jailed for computer hacking in Singapore

A 36-year-old Indian-origin manhas been jailed for four years and eight months on charges ofhacking computers of at least seven organisations including the ruling party in 2013.

James Raj Arokiasamy, who calls himself “The Messiah”, had pleaded guilty to the charges last week, The Straits Times reported today.

He used software to scan various government servers including those of the Prime Minister’s Office and Elections Department as well as Peoples’ Action Peoples’ Action party (PAP)

Community Foundation, a town council and the City Harvest Church, the management of which is on trial related to fund management.

 

Many of the sites were defaced with taunts and threats, the report said.

Raj had also hacked a Straits Times blog, and illegally accessed a server that contained bank statements of Standard Chartered Bank clients.

He had displayed “audacious bravado” in his acts, which had caused public alarm and fear, said Deputy Presiding Judge of the State Courts Jennifer Marie.

James Raj used specialised software tools to avoid detection which was a high degree of premeditation, planning and sophistication, the judge said.

The judge added that Arokiasamy used specialised software to avoid detection, which indicates a high degree of premeditation, planning and sophistication. It took the police more than 2,465 man-hours to investigate the attacks.

An additional plea that Arokiasamy submitted citing that he had not acted maliciously was rejected. The Judge agreed with the prosecution that his cyber intrusions were neither amateurish nor committed naively.

“His intention… was to instill fear and trepidation. Given the current climate where international and domestic terrorist security threats are more prevalent than before, a threat to the IT systems (and) cyber-attacks in a highly networked country like Singapore should be visited with exemplary sentences,” the Judge said.