Pakistani hackers hit Indian railway website

by Graham Cluley on December 26, 2008 | Comments Off

Filed Under: Uncategorized


The official website of Eastern Railway, part of the state-owned Indian railway network, was struck by an SQL Injection attack earlier this week by a hacking gang believed to be based in Pakistan.

According to reports, the www.easternrailway.gov.in website was defaced with messages such as "Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan", "Indians hit hard by Zaid Hamid" and "You are hacked".

A further message was displayed claiming that the website had been hacked as a response to an alleged violation of Pakistan's air space by India earlier this month.

Officials at Eastern Railway claim that the website hack was achieved through an SQL injection attack, similar to the others that we see everyday striking websites around the world installing malware.

As far as we can tell, no malware was installed during this SQL injection attack, for which everyone should be grateful. Nevertheless it's embarrassing for the companies concerned that their websites were not written more securely in the first place to prevent the hack attempt from succeeding.

Of course, this is not the first time that Indian and Pakistani hackers have attacked each other's country via the internet. For instance, in 2002 Pakistani government websites were struck by a denial of service attack, and aggressive messages have been embedded inside viruses threatening Pakistani hackers.

Tags: , ,

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.