FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


No website is secure from this man





manumiglani
I just saw a TV news program in which a person named Mitesh Sharma of India hacked the websites of IndiaBulls, IDBI and many other online banking sites within minutes Live in front of camera and transferred money through the bank accounts without having access to the account no.s and passwords....... He even donated money to temples and NGO's from the bank accounts........ The whole episode was broadcasted Live on IndiaTV


Most importantly, all the sites he hacked were having digital certifications and information on their servers are encrypted.......... He claimed that any website could be hacked by this method of his.....

The Government of India is now thinking of sending this whole episode to Indian Computer Emergency Response Team for further investigation and prevention measures...
Scorpio
I'd like to read more about this..

Could you give the exact link to the news item?
mstreet
Wow this is interesting and yet quite scary at the same time. It does make me wonder how safe is the net when it comes to financials and identity.
manumiglani
@ scorpio
If you would like to know more abt it then better watch Indiatv. They are showing special updates abt this episode.
exarkun
It makes me stop and think for a second... Is he only capable of hacking only India's website? ;p
manumiglani
exarkun wrote:
It makes me stop and think for a second... Is he only capable of hacking only India's website? ;p


Where did I said that he hacked only Indian websites?
Hobbit
manumiglani wrote:
exarkun wrote:
It makes me stop and think for a second... Is he only capable of hacking only India's website? ;p


Where did I said that he hacked only Indian websites?

Yeah specially since the internet is everywhere.

This is pretty interesting, I hate hackers. He probably just found a big bug that every site has in common, that's my theory.
d4rch
Quote:
I hate hackers.

It depends on the goal they want to reach. Some (many) of them try to profit of the hacking (earning money with no-wanted advertising...). But a few part like this man I think help to improve informatic and especially web security.
I hate the firsts but for the others no problem !
r_y_e_20
That is a message for any country to fasten their laws on web information issues. Or else things will get even worrse. I wonder what techology this man uses.
ColdFire
Are you sure that's a live news update you watched & not a movie?? LOL
I remember seeing a similar scene in a movie starring John Travolta, i think its "SwordTail" or "SwordFish" something...
manumiglani
ColdFire wrote:
Are you sure that's a live news update you watched & not a movie?? LOL
I remember seeing a similar scene in a movie starring John Travolta, i think its "SwordTail" or "SwordFish" something...


nah......... I haven't watched these movies
urangkayo
i think this is a movie, not in a real world Smile
Scorpio
manumiglani wrote:
@ scorpio
If you would like to know more abt it then better watch Indiatv. They are showing special updates abt this episode.


Sorry about the late reply, but I dont get IndiaTV where I am..

Though I do have CNN IBN, NDTV, Headlines Today, TimesNow etc
alkutob
Is he in prison now ?

if so , I wonder if he can ask to connect friends on the internet from the jail ... He may donate from there too ..hahaaaaaaaaa
FunDa
Is this really true ? That he did it in front of cameras ?

Does anybody have links to the videos somewhere? Or the articles ...
fx-trading-education
I think that it's just one more risk for banks.
They can anyway get robbed by more classic means as well.
And no prevention mesure is perfect.

But for me the interesting point would be: did the bank customer get the money back once the problem has been detected. i.e. who supports the risk, the bank or the customer?
r_y_e_20
Could there be some hoax with this news, apparently ive searched about this man in the internet and found nothing about website hacked, instead just some I.T related articles. Can you give us a direct link to prove this? if its controversial that it was shown on tv, there should be some evident websites to support, but so far i found none.
manumiglani
r_y_e_20, Even I tried to find out the news in paper in readable format but failed. I think the website of Indiatv is still in beta, so they are not offering news on their site.
vashish87
Come on guys! A real hacker would be smart enough not to get exposed (and remember, India's official cybercrime unit isn't very confidence-inducing - press reporters actually said the investigators were computer-savvy because "they check(ed) their mail everday"). Probably just an overhyped script kiddie somewhere.
evilryu530
without the actual fact, i call fake,
Bikerman
manumiglani wrote:

Most importantly, all the sites he hacked were having digital certifications and information on their servers are encrypted.......... He claimed that any website could be hacked by this method of his.....

Speaking from my experiene in computing I find this a little unbelievable (that is not to say you are wrong or misleading us, I must make that plain).
Modern key pairs and digital certification simply CANNOT be cracked ad-hoc in a few keystrokes, even if you are the luckiest person alive. There are some older systems of encryption which are flawed and can be reverse engineered in advance (ie you don't need to try a brute-strength approach), but to my knowledge all the modern key pair and digital certification systems are pretty secure and those used by most financial institutions are extremely secure.
Two possibilities immedfiately present themselves :
1) Inside knowledge. Most hacking relies on insider knowledge. In the old days (yes...I did a bit in my much younger days) it was simply a case of guessing a password and using a dictionary with a simple swap algorithm to try perms out. Nowadays the same approach can still work if the system is not managed properly - ie if staff have too much access with too little security monitoring. Believe it or not the most common password that I used to find worked was...yep...'password'.
A system would have to be terribly designed to allow a user to compromise it with a password back-door though and I seriously cannot imagine any system manager of a bank falling for that one.

2) Setup. Posed for the cameras for whatever motive.

Modern cryptography is so secure that I really cannot imagine that this guy has just waltzed through a properly secured system without a major cheat of some sort....
OK - if the bank or finance house is using standard windows md4 hashed passwords then, yes, you can crack it. If they are, however, then the system manager should be hung by his tender bits for a very long time because it would be criminal stupidity. A bare minimum would be MD5 or preferrably Blowfish hashing on the passwords and I can tell you with some confidence that nobody, no matter how smart, can walk through a 128bit blowfish hashed password - there are about 16 quadrillion permutations per hash pair....

I wouldn't get too panicky..

Regards
Chris
fx-trading-education
Quote:
Modern key pairs and digital certification simply CANNOT be cracked ad-hoc in a few keystrokes, even if you are the luckiest person alive


I agree with that. Once a secure connection has been established (by SSL for instance) you cannot crack the communication even in a matter of days.
But if I remember well my security courses (that is not sure) I think that if you are lucky to intercept the packets just at the very moment the SSL communication is established you may be able to crack the session key that needs to be exchanged.

Anyway, I think that nobody can crack encrypted communication or data when it wants in a few keystrokes.
manumiglani
Hello Bikerman, fx-trading-education
I respect your views friends.

He was able to login as any customer. Where did that state that he decrypted the information on the server. To login as a customer you do not need to decrypt the information on the server. Do u?
I could be wrong as always.
fx-trading-education
Hi Manumiglani

so maybe I misunderstood your sentence
Quote:
Most importantly, all the sites he hacked were having digital certifications and information on their servers are encrypted.......... He claimed that any website could be hacked by this method of his.....

I thought he accessed the encrypted information.

Normally, to login as a customer you have to provide a password and the password is transmitted and stored in a encrypted form. So there is still encryption involved I think if you want to intercept and decode a password.

But maybe this guy has a way to break into the system without giving any password, but in such a case it means that there is a huge security flaw.
Anyway it would be interested to know more about this case
mOrpheuS
Search google for this guy and the only result you get is ... this very thread at FRIHost .

Seriously, now ... this simply must be sensational.
And yet ! no one, except us at FRIHost, seems to have heard of this guy ! Confused

I'll reserve judgement, but I have my doubts about the authenticity of this news.
In other words ... I'm not running out of my house if "IndiaTV" tells me it's on fire.
SgtGarcia
Maybe indiatvs beta website needed some visitors looking for certain news articles. I think they succeeded by doing this Razz
poiko123
Our government has employed some of the best hackers in the world to find loopholes in our governement's internet security. This reminds me of a 60 minutes episode in which a man said it would take him 22 minutes to shutdown the 7 main power grids in the entire US. I don't exactly feel safe with online banking systems...
Bikerman
manumiglani wrote:
Hello Bikerman, fx-trading-education
I respect your views friends.

He was able to login as any customer. Where did that state that he decrypted the information on the server. To login as a customer you do not need to decrypt the information on the server. Do u?
I could be wrong as always.


You do, however, need to crack the hash/key pair security and deal with https protocol traffic.
I stand by my earlier comments ; either insider info or a stunt.
Chris
ck88
Sounds incredible. To bad that there is no credible source/reference to verify the hack.
Related topics
How To : Secure Your PHP Website
the earthquake in pakistan
Not able 2 access my website's control panel
Secure website with password?
a man's illness has delayed projects worth 0.69bn
Hosting your own website
Orkut invite
Creating a limited user in Linux
Man Utd reject Real's Ruud offer
How make my website popular
Beating your kids to teach them discipline? I don't think so
We are in control.
Keeping Secure with Cookies
FRIH$ 250 for answers - secure administr of dynamic website
Reply to topic    Frihost Forum Index -> Lifestyle and News -> Discuss World News

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.