Delhi BJP Website Hacked-Anti-Modi Messages Posted
The Delhi website of Bharatiya Janata Party’s (BJP) has been hacked.
The Delhi website of Bharatiya Janata Party’s (BJP) has been hacked. The website, under the same bjp.org domain, appears to be landing on a page delhi.bjp.org/kashmir, which redirects to a single page site, with a message from the hackers.
_Muhammad Bilal TeAM [PCE] is the group of the hacker who has posted hate messages against India and Prime Minister Narendra Modi, asking the country to remember 27 February (Wing Commander Abhinandan was captured by Pakistan).
“Ghar main ghuss kar marain gy,” a message read.
Another message read, “I can lie a lot, can I also get a ‘Vir Chakra’ like Abhinandan?”.
The message ended with a hashtag that used abusive language against PM Modi, and an Email ID - firstname.lastname@example.org - probably the hacker group’s email ID.
Security researcher Elliot Alderson, who often posts about the Indian government’s online lapses, pointed out the hack on Twitter. He said that the page, Kashmir.html is loaded from a service called PasteBin, which allows users to make dummy web pages.
Alderson also tweeted out the decoded version of the page. He said that he found signs of stores XSS or cross-site scripting, a web security vulnerability that allows an attacker to bypass the policy that is designed to segregate websites from one another.
Alderson further pointed out the same domain of the Delhi BJP and the main BJP website, saying that the Delhi BJP site is just a subdomain of the BJP website’s domain. He said that both are on the same server.
This Is The Third Such Incident In This Year
In May, as Prime Minister Narendra Modi was set to take oath for his second term, the BJP website was hacked and filled with content around beef items.
The website, which doesn’t carry an https certification (critical for secure websites), was seen carrying a mast with the mention of Shadow Viper, the likely hacker group responsible for hacking and putting up the beef content on it.
The BJP website was allegedly hacked earlier in March as well. The website was down for almost two weeks. Although the page said that the website is under maintenance and will be back up soon, there were speculations that the website had been hacked, and it was taking long because the party must have lost all the data.
However, it was never confirmed that the site was down all that while because of being hacked.