Delhi BJP Website Hacked; Pro-Pak, Anti-Modi Messages Posted
The web page also read Pakistan and Kashmir zindabad.
The Bharatiya Janata Party’s (BJP) Delhi website has been hacked. The website, under the same bjp.org domain, appears to be landing on a page delhi.bjp.org/kashmir, which redirects to a single page site, with a message from the hackers.
The hacker group, called _Muhammad Bilal TeAM [PCE] has posted hate messages against India and Prime Minister Narendra Modi, asking the country to remember 27 February (Wing Commander Abhinandan was captured by Pakistan).
“Ghar main ghuss kar marain gy,” a message read.
Another message read, “I can lie a lot, can i also get a ‘Vir Chakra’ like Abhinandan?”.
The message ended with a hashtag that used abusive language against PM Modi, and an Email ID - firstname.lastname@example.org - probably the hacker group’s email ID.
Security researcher Elliot Alderson, who often posts about Indian government’s online lapses, pointed out the hack on twitter. He said that the page, Kashmir.html is loaded from a service called PasteBin, that allows users to make dummy web pages.
Alderson also tweeted out the decoded version of the page. He said that he found signs of stores XSS or cross-site scripting, a web security vulnerability that allows an attacker to bypass the policy that is designed to segregate websites from one another.
XSS usually allows an attacker to pose as a victim user and carry out any actions that the user is able to perform, and to access any of the user’s data.
Alderson further pointed out the same domain of the Delhi BJP and the main BJP website, saying that the Delhi BJP site is just a subdomain of the BJP website’s domain. He said that both are on the same server.
Third Such Incident This Year
In May, as Prime Minister Narendra Modi was set to take oath for his second term, the BJP website was hacked and filled with content around beef items.
The hacker or hacking group who goes by the handle Shadow_V1P3R has even have put out ingredients and recipes for certain beef dishes as well.
The website, which doesn’t carry a https certification (critical for secure websites), was seen carrying a mast with the mention of Shadow Viper, the likely hacker group responsible for hacking and putting up the beef content on it.
The BJP website was allegedly hacked earlier in March as well. The website was down for almost two weeks. Although the page said that the website is under maintenance and will be back up soon, there were speculations that the website had been hacked, and it was taking long because the party must have lost all the data.
However, it was never confirmed that the site was down all that while because of being hacked.
(The Quint is available on Telegram. For handpicked stories every day, subscribe to us on Telegram)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.