`Chinese hackers using HC replica website route`

Last Updated: Sunday, August 7, 2011 - 11:49

New Delhi: Chinese hackers may be using websites similar to those of 19 high courts in the country to spread computer virus which can convert the user`s system into a virtual zombie, a security expert has claimed before the CBI.

Commander (Retd.) Mukesh Saini, former naval officer who
is a cyber security consultant, brought the nefarious designs
of these alleged hackers to the notice of Cybercrime wing of
the CBI recently, which is looking into it.

In his report, Saini highlighted the modus operandi of
these web sites which have addresses similar to the original
ones - for example Delhi high court address is
`http://delhihighcourt.nic.in` while the phishing website
address is `http://delhi.highcourt.in`.

"When we analysed the website script, we found that the
server had a `.cn` location. Also we found that script used in
the website was a declared malware program. These sites are
dangerous because even if a user accidentally accesses them
the malware spreads in his or her system.

"The program is designed in such a way that user`s system
functions normally but hackers can use it to extract any
information without the user knowing it," he claimed.

Such websites came to the notice of Saini, founder of
cyber security firm `Xcyss`, when he was following a news
report on an employment scam running through the fake website of Patna High Court. Further analysis revealed that there were identical websites of 19 high courts in the country.

The design of these replica websites was curious because
it did not seek any information, such as financial details
from the visitor, which prevents them of being suspicious.

When a detailed analysis of its program was done, it
revealed that the purpose was allegedly to infect all the
visitors of these sites and take remote control of the
visitors of High Court websites which may include legal
departments of government, advocates and litigants.

"It was an attempt to infect all the visitors of these
sites and take remote control of the visitors of High Court
websites, including police, CBI, legal departments of
government, advocates and litigants," Saini said.

He claimed that these sites were operating since 2006 and
as per the records gathered by his firm, these sites were
infecting Indian computers since January 2009.

"Hence, we thought it right to inform the authority
concerned and seeing the transnational impact of this, I gave
a report to the CBI which is examining it and would take
action suitable under the law," he said.

PTI



First Published: Sunday, August 7, 2011 - 11:49

comments powered by Disqus