The Election Commission of Pakistan’s website ecp.gov.pk was reportedly attacked by an Indian hacker on Friday.
The attacker, who identified himself as NIGh7 F0x, has defaced the home page and possibly compromised its availability to visitors, according to cyber experts – an indication that the ECP’s database was compromised as well.
The cyber attack on ECP’s website was a hot topic on Saturday. People on various internet forums complained about not being able to access the site. The attack came at a time when the traffic on the website had increased ahead of general elections, due to take place in 41 days.
The ECP stated that, despite a second cyber attack since Friday evening, all its data is safe and its website would be restored after they shift it to another server, according to reports on TV channels. The ECP, according to hacker forum www.thehackerspost.com, claimed that their IT team has designed a system which is difficult to breach. However, they also said the nature of the attack was unknown.
Cyber experts, however, had a different view on the subject.
“It looks like ECP’s own server was penetrated and compromised,” said Barrister Zahid Jamil, an expert on cyber and privacy laws. “If their server was secured, there was no need to shift to another server,” he said. “If their data was available on the core server – the same server, which seems to have been attacked – this would mean serious problems for the ECP,” he said.
Responding to a question, Jamil said there are two ways one can attack any website. The attacker can penetrate the actual server of the target website (ECP in this case) and create changes in the system or even steal data.
Secondly, the attacker can steal the password of the target website and penetrate its host website, which has registered the former’s Internet Protocol (IP) address. He can then make changes to the target’s IP address and redirect traffic to his own or some other website.
“The attack under discussion seems to be of the first type,” Jamil said. The ECP’s IP address is registered with PKNIC, which is a shared registry system – based out of the United States – that manages .pk domain name space (DNS) for Pakistani websites.
The hacker seemed to have penetrated the website first, and then defaced its homepage and eventually compromised its availability, according to Rafay Baloch, an independent security researcher who runs a security blog.
The availability of any site is usually compromised through a Distributed Denial-of-Service (DDoS) attack – in which a huge amount of traffic is directed to a particular website to compromise its availability to visitors. “But this is too early to say if it was one,” said Baloch.
Baloch further said Indian black hats are targeting Pakistani websites almost on a daily basis – the Federal Investigation Agency is also in the know.
Published in The Express Tribune, March 31st, 2013.