Recent Tube

MyLiveMint

Monday, 14 January 2019

French hacker claims data on Narendra Modi website compromised, wants Indian PM to contact him in private

Robert Baptiste aka Elliot Alderson says that official website of Narendra Modi has security problems and that he can do a full security if the Indian Prime Minister contacts him.


HIGHLIGHTS

  • The security bug on narendramodi.in has been found someone else and not Baptiste.
  • The French hacker says that someone gained unauthorised access to PM's website and uploaded a simple text file on it.
  • Baptiste is the same person who earlier found bugs in Aadhaar programme and challenged UIDAI.
A French cyber security researcher and ethical hacker on Monday morning tweeted that official website of Indian Prime Minister Narendra Modi has been compromised and that someone unauthorised already has access to full website data. The hacker, who goes by name of Elliot Alderson on Twitter, says that the person who has unauthorised access to narendramodi.in uploaded a simple text file on the site server as a proof and then alerted him.
Alderson's real name is Robert Baptiste and he is fairly well-known in India because of his challenges to UIDAI after he found security loopholes and bugs in India's Aadhaar programme and Aadhaar app.
From his latest tweet it is clear that Baptiste is not the one who got the access to narendramodi.in servers. He says that someone else did it and then alerted him.
Update: It seems that the team that runs Modi's website noticed tweet from Baptiste and quickly got in touch with him. The French hacker tweeted, "Contact has been done with their team... I had a nice chat with the narendramodi.in team. They will take the appropriate measures and solve the issue."
Earlier Baptiste had tweeted: "Hi @narendramodi, A security issue has been detected on your website. An anonymous source uploaded a txt file containing my name on your websites in realtime. He also have a full access to your database. You should contact me in private and start a security audit ASAP!"
In his next tweet, Baptiste clarified, "PS: The vulnerability is working for the staging subdomain but also for the main website PS1: I didn't upload this file, I'm not that stupid. PS2: The source deleted the file on my request just after I see it."
If what Baptiste says is accurate it potentially gives the person who has unauthorised access to Modi's website almost full control over the site. Baptiste says that the person has full access to data stored on the website, and while it is possible that this data may not contain sensitive details about the Indian Prime Minister, it may reveal a lot about the website itself, including how many users it has, the details of these users as well as may allow the person with unauthorised access to deface the website.
The website usually contains news about Narendra Modi, his biography, his public schedule as well as has interactive tools for users.

No comments:

Post a Comment