Thane: The website of the Thane Police was defaced by a group calling itself "ONE HAT CYBER TEAM"; the latest in a series of Distributed Denial-of-Service (DDoS) attacks against various Indian government websites following the controversy over former BJP spokesperson Nupur Sharma's controversial comments aginst the Islamic Prophet Mohammad.
A message appeared on it apparently directed towards the Indian government and demanding an apology to "Muslims all over the world".
A senior police official here confirmed that the website has been hacked.
"We have contacted the agencies concerned for necessary action. Thane cyber crime team is working on it," he said.
On opening the website, the message on the screen stated: "Hacked by one hat cyber team"
It further said, "Hello Indian Government, Hello everyone. Again and again you make trouble with the problem of the Islamic Religion..." "Hurry up and apologize to Muslims all over the world!! We don't stand still when our apostle is insulted," the message said.
As of 10.30 AM on Tuesday, the Thane Police's website was down for maintenance, although the message page posted by the hackers was taken down.
A group of Malaysian hackers, calling themselves "Dragonforce Malaysia", launched a slew of cyber attacks on close to 70 government websites and private portals in India on Sunday.
The group, according to The Times of India, hacked official websites of the Indian embassy in Israel and the National Institute of Agriculture Extension Management and the Institute of Science, Nagpur among others, and the portals of the Delhi Public School.
In the state of Maharashtra alone, the group defaced more than 50 websites.
Earlier, Sharma's comments sparked a wave of diplomatic protests from several Muslim countries and institutions, namely Saudi Arabia, Qatar, Malaysia, Indonesia and the Organisation of Islamic Cooperation (OIC).
The BJP has suspended her and expelled another party spokesperson, Naveen Jindal, following the diplomatic fallout.
What is a DDoS attack?
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
A DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade.
Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks.
How much of a threat are DDoS attacks?
When a public facing website or application is unavailable, that can lead to angry customers, lost revenue and brand damage. When business critical applications become unavailable, operations and productivity grind to a halt.
The present spate of attacks against Indian interests are not particularly dangerous, as they are done by non-governmental groups who lack the capacity that organised and powerful state actors can bring to bear.
However, the potential impact of DDoS attacks should not be underestimated.
DDoS attacks are no longer simply designed to deny service, but are increasingly used as a smokescreen to camouflage other cyber-attacks, including data breaches and financial fraud.
In a large proportion of data breaches reported over the last few years, DDoS attacks have been occurring simultaneously, as a component of a wider strategy.
In these cases, DDoS attacks are used as a diversion to distract the attention of the company's security team and cover up much more damaging malevolent activities.
For this reason, organizations should be wary of being quick to claim that their business systems have not been affected by a DDoS attack, because this can be extremely difficult to ascertain.
