The nationwide hacking and defacement of Indian websites led by a Malaysia-based hacker group is just one part of a massive cyber attack aimed at India.
The Free Press Journal has learned that the same hackers have already hacked scores of bank accounts as well as Facebook accounts and have now trained their sights on the official website of the Bharatiya Janata Party.
Since Monday, hundreds of Indian websites, both government and private, have been hacked and the home pages have been replaced by a message, stating that this is retaliation for suspended BJP spokesperson Nupur Sharma's recent derogatory comments on Islam. Indian cyber crime agencies have been working overtime to restore the hacked websites, which include at least one Embassy website and one police commissionerate in Maharashtra.
A deeper investigation into the matter, however, indicates that this is just the tip of the iceberg.
Cybersecurity agencies, both government and civilian, have been conducting repeated sweeps of the dark web to monitor chatter about the cyber attack and have made some alarming findings. According to investigations conducted so far, the cyber attack is being spearheaded by a Malaysia-based pro-Palestine hacker group called DragonForce. The group is a self-styled 'hacktivist' group, which means that they claim to do activism through hacking. Typically, hacktivist groups target governments that are opposed to their ideologies.
The investigation has further revealed that the first call to attack India in cyberspace went out on June 10, when DragonForce appealed to all Muslim hackers around the world to attack Indian government websites. The operation was dubbed 'OpsPatuk', patuk being the Malay word for 'strike back'. Hundreds of messages were posted on discussion forums on the dark web, with hackers first sharing their ideas and then their exploits.
“On Sunday, one hacker claimed to have compromised one of the servers of a popular Indian website hosting service, used by hundreds of Indian websites. The hacker also posted a list of websites using this server, inviting all and sundry to hack them. On Monday, the hacking of the websites began. We are still investigating how many of the hacked and defaced websites were hosted by this server,” a senior Cyber Crime officer said.
DragonForce, meanwhile, kept adding its own contributions as well. They first posted a list of bank accounts with a leading government bank in India on dark web forums. This was followed by a huge packet of hacked Indian Facebook accounts, which were posted in MS Excel format. This included the full names of the Facebook users, their email ids and passwords. Evidence of them having hacked several Indian websites was also shared.
During a further sweep of the dark web, investigators also found a single message posted by another hacker on a forum, in which he posted the link to the BJP's official website and invited everyone to try and hack it.
DragonForce also took to social media, posting a tweet about their threat to India. Investigators have also found that they posted similar messages on the video-sharing platform TikTok, with the hashtag #opspatuk. As of Monday, posts with this hashtag had more than 2.4 million views.
“Our investigation suggests that DragonForce and its allies also plan to target logistics and supply chain companies, educational institutions, technology and software companies and web hosting providers in the days to come,” a source told FPJ.
The message posted on a dark web forum asking hackers to hack the BJP website | FPJ photo
A screenshot of the backed bank accounts shared on the dark web | FPJ photo
A screenshot of the hacked Facebook accounts shared on the dark web | FPJ photo