November 8, 2016 By Douglas Bonderud 2 min read

With governments rapidly expanding online service capabilities, it’s no surprise that nation-states have begun to attack each other’s websites and databases to advance federal agendas.

According to The Hacker News, however, seven Indian Embassy websites were recently attacked not by nationalists or hacktivists, but by penetration testers who wanted government IT to “pay attention to the issues with their crucial websites.” This Indian Embassy hack exposed hundreds of personal records belonging to Indian citizens and students living abroad.

Penetration Testers Gone Rogue

When it comes to embassy cyberattacks, the most likely scenario involves another country either covertly or openly causing trouble to prove a point. As noted by Softpedia, for example, Turkish cybercriminals defaced the website of Russia’s Israel-based embassy in January 2016.

Additionally, The Express Tribune reported that actors known as Intruder and Romantic compromised seven Indian Embassy websites in June, taking down official functions and leaving pro-Pakistan messages in their wake. This latest embassy web attack, however, seems unrelated to any international conflict and was likely more a test of IT security.

The hackers, known as Kapustkiy and Kasimierz, claimed India’s IT defenses were “poor.” Multiple embassy domains were vulnerable to SQL injection, which let the pair compromise the web applications and extract sensitive information. They also found that user and administrator passwords were stored in plaintext without any hashing, bad news for any site that records and stores personal data.
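The two findings above, injectable queries and plaintext credentials, are usually fixed together at the login path. The following is an added illustration, not code from the article or from any of the affected sites, of a login check that binds user input as a query parameter and stores only a salted PBKDF2 hash; the account name and password are constructed sample values.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

PBKDF2_ROUNDS = 100_000

# Constructed sample account for this example; not data from any real site.
SAMPLE_USER = "consular_admin"
SAMPLE_PASSWORD = "correct horse battery staple"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a random salt plus a PBKDF2-HMAC-SHA256 digest, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Verified against when a username does not exist, so response time does not
# reveal which accounts are registered.
DUMMY_HASH = hash_password("placeholder")


def build_db() -> sqlite3.Connection:
    """In-memory users table that holds only password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (SAMPLE_USER, hash_password(SAMPLE_PASSWORD)))
    return conn


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized lookup: the driver binds username as data, so quote
    characters or SQL keywords inside it can never alter the statement.
    This is the corrected form of the flawed pattern the article describes,
    a query built by string concatenation and checked against a plaintext
    password column."""
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        verify_password(password, DUMMY_HASH)
        return False
    return verify_password(password, row[0])
```

A name containing a quote character, such as o'brien, is simply an unknown user here rather than a syntax error or a changed query.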

Indian Embassy Hack Exposes Hundreds of Records

According to The Huffington Post, Kapustkiy and Kasimierz were able to compromise sites in South Africa, Libya, Italy, Switzerland, Malawi, Mali and Romania. Once inside embassy databases, they stole personal information belonging to more than 500 Indian citizens, most of them students, and uploaded it to Pastebin.

Everything from names and passport details to phone numbers and email addresses was made publicly available, although it appears the hackers took the data down after a few days.

While the so-called penetration testers claim they “did not leak anything like real addresses, city or zip code,” according to The Hacker News, and say their intention was simply to draw more attention to IT security on the affected websites, private disclosure to the site operators would have served that purpose just as well.

Lessons Learned

Regardless of their intentions, however, the recent Indian Embassy hack raises two important points. First, governments must adopt more proactive web security policies. Leaving embassy sites open to SQL attacks and storing passwords in plaintext presents an easy avenue of attack for even entry-level cybercriminals.

The rise of self-starter security professionals, meanwhile, means that governments must be prepared for security notifications that don’t follow the accepted pattern of “breach, report, disclose,” with disclosure only occurring if issues are not resolved in a timely fashion.

Put simply, if web systems aren’t secure when they go live, governments can expect to see citizen information posted on Pastebin and reported by IT security news outlets. That’s not exactly great national PR or good for citizens’ peace of mind.
