Saturday, October 20, 2007

Hackers phish Americans through Police Academy website


Saturday October 13 2007 10:02 IST

V L Srinivasan

HYDERABAD: Belying claims that computer systems in government offices are secure, unidentified hackers managed to host a phishing site imitating an American bank on the official website of the Sardar Vallabhbhai Patel National Police Academy (SVPNPA) a couple of days ago.

The US-based F-Secure alerted SVPNPA officials and India’s Computer Emergency Response Team (CERT-IN) that the Academy was hosting a phishing site posing as the Bank of America. Subsequently, the site was removed.

This is the second major Indian website to experience trouble of late, with the Bank of India online being compromised by several Trojan attacks in August this year. In a statement posted on their website, F-Secure senior security specialist Patrik Runald, who alerted the NPA about the problem, said:

“All we know at this stage is that somehow SVPNPA’s server has been compromised and a phishing site has been uploaded through the same.” A clear sign that the Bank of America’s phishing site was fraudulent was that it carried a logo of the US Olympic sponsorship for the US sports team during 2000-2004.

According to official sources, the number of phishing sites hosted on government domains around the world has been on the rise in recent months. These fraudulent sites look like the legitimate websites and are designed to trick users into divulging personal information such as government-issued identity numbers, bank passwords or credit card numbers.

Most phishing sites are placed on government web servers by hackers who gain access to the server through backdoors, a vulnerable web interface or some other means.

The sources said hosting a phishing web page on a government site has a number of advantages for a phisher. Government websites often receive a high volume of traffic, so their servers can handle the extra traffic generated by a phishing site.

While confirming the raid on their website, a senior official of the SVPNPA told this website's newspaper that the matter had been reported to CERT and that further investigations were under way.
