An Indian External
Affairs Ministry official has thanked a 17-year-old hacker who exposed flaws in
Indian diplomatic missions’ websites that allowed intruders to gain access to
non-public information, and said the problems were being fixed.

HighLights :-
  • Flaws allowed intruders to gain access to non-public information
  • Kapustkiy hacked sites of Indian diplomatic missions in eight countries
  • He said that his intentions in carrying out the hack were good
“Thank you for
your advice,” Sanjay Kumar Verma, Joint Secretary, eGovernance and
Information Technology wrote to the hacker who uses the identity, Kapustkiy.
“We are fixing codes one by one.”
“Your help in
probing websites of various Indian embassies is a great help,” he added.
Kapustkiy, who
posted Verma’s message to him on his Twitter account and copied to an IANS
correspondent, has broken into websites of Indian diplomatic missions in eight
Meanwhile, the
Indian Consulate here said that its website was being secured. Kapustkiy had
posted on a website some personal information of 418 people registered with the
mission, that he said he got by intruding into its website.
“The consulate
has taken immediate action to secure the contents of its website,” L. T.
Ngaihte, the head of chancery, said in a note to IANS.
In addition to the
New York consulate, Kapustkiy had broken into websites of Indian diplomatic
missions in South Africa, Libya, Malawi, Mali, Italy, Switzerland and Romania
and put some information he had taken from there on, which is open
for public posting of information.
Kapustkiy, who said
he is a student in Tokyo, asserted, “It took me only three seconds to gain
access to their database.”
He said that his
intentions in carrying out the hack were good and that he did not consider
himself a hacker.
“I didn’t want
to do any damage but to let administrators to pay attention (to the
vulnerabilities),” Kapustkiy told IANS in an interview conducted on
Twitter messaging.
He said that he
decided to post some information on because he did not get a
response from website administrators when he pointed out the flaws.
“While we
appreciate your help, please do not post the details on Paste Bin,” Verma
wrote to him.
Verma’s response
was in reply to Kapustkyi’s email with suggestions on fixing the security
flaws. He used ProtonMail, a secure service that operates under the strict
Swiss laws that protect the identity of users and the communications.
The personal
information from the New York Consulate General that was posted on
has been removed while some non-personal information remained as of Wednesday
evening. The material from other Indian missions were scrubbed earlier.

via Blogger