Project India Cracked

Older News

defaced? (Posted @ 7:56:44: 4/8/2002 GMT+8)
The group NDSA (National Data Security Agency of Pakistan) claims to have defaced In the defacement, they say "I like Kajool but i dun like Indians lamming about Pakistan and Kashmir ?". A quick Whois at reveals that was owned by a "Itamar Even-Zohar". That name had figured in the previous news too. See the next story "defaced". The creation date of the DNS entry is "2002-08-01". Of course it could be that NDSA had been able to change the DNS records.

But, the Bollywood actress is named Kajol and not Kajool, right?

"defaced" (Posted @ 8:38:51: 31/7/2002 GMT+8)
A group calling itself "National Data Security Agency of Pakistan" (NDSA) has claimed to have defaced However, some interesting background information reveals that there is more than what meets the eye.

According to Gandi whois, the domain was registered on 2002-07-28, just before the defacement. The domain is registered by "Itamar Even-Zohar", whose contact email is The official Indian Army website is

AIC back in action (Posted @ 11:36:43: 20/7/2002 GMT+8)
After lying low for some time, the group Anti India Crew (AIC) is back in action. They have defaced around 10 sites this month alone. An interesting detail is that in one of their defacements, they write:

we have changed our current email for security reasons, our new email will be mentioned soon in our next defaces.

Telecom Regulatory of India website defaced (Posted @ 20:45:15: 10/7/2002 GMT+8)
The Telecom Regulatory of India website was defaced by a group called FBH. The following content was displayed on the defaced website:

Abunasar of FBH For The freedom of Indian Occupied Kashmir Greetz t0
macwiz Numan JenKinZ Mr-BaSiT aTiF anD thecooldude"

"Indians hacked govt website: Pak" (Posted @ 9:18:15: 30/6/2002 GMT+8)
Pakistani officials have claimed that Indian hackers blocked a government information website by launching a DoS attack. This was reported by an article in The Economic Times.

The website hosted by the Information Ministry has been blocked for the past three days by Indian hackers through the elementary Denial of Service attack, the 'Dawn' daily quoted the officials as saying.

Resumption of update (Posted @ 14:47:07: 28/6/2002 GMT+8)
India Cracked is back on course as I am back from vacation.


On a break (Posted @ 10:46:31: 2/6/2002 GMT+8)
I will be taking a break from work and going back to India. Hence Project India Cracked will not be updated regularly for about a month.


AIC delivers on 'promise' (Posted @ 9:38:48: 1/5/2002 GMT+8)
As promised in the article in The Hindu, the group AIC has defaced the website of Central Board of Excise and Customs (CBEC). AIC had earlier challenged Ankit Fadia to prevent the defacement of the CBEC website. From the defaced site:


The Hindu - "Hacker threat to CBEC website " (Posted @ 9:31:03: 1/5/2002 GMT+8)
The Hindu carried an article on April 30th in which AIC threatened to deface the website of Central Board of Excise and Customs (CBEC) within the next two days and challenged Ankit Fadia to prevent this from happening. From the article:

What appears to have angered the AIC was the claim in the rediff interview that Mr. Fadia had alerted a U.S. spy agency which hired him after he eavesdropped on the chat of some Pakistani hackers planning to hack an Indian website. According to the interview, the site was pulled down and reloaded with anti-cracking software in place. The AIC, in its e-mail, questioned as to why Mr. Fadia had to alert a U.S. agency and if he was capable enough he could have "hacked the site himself and patched it so that the Paki hackers could not do anything bad". The AIC maintained that if it succeeded in hacking the CBEC site, Mr. Fadia should stop calling himself a hacker.

Happy Birthday PIC (Posted @ 17:56:07: 29/4/2002 GMT+8)
Project India Cracked (PIC) completes 2 years of existence. PIC was started on 28/04/2002. These 2 years have seen their share of ups and downs, but PIC has survived, so far! As of now, PIC's stats read:
Total number of defacements recorded - 651
No. of distinct defacers - 126

The biggest change in the last one year was the revamp of PIC's UI and backend database structure. Hope you all liked it.

AIC and WFD 'dedicates' a defacement to Ankit Fadia (Posted @ 10:00:48: 26/4/2002 GMT+8)
Groups AIC and WFD have jointly defaced and dedicated it to Ankit Fadia, who had been hailed as "Wunderkind" by Looks like a semi-personal cyber battle in progress. The text of the defacement is worth the read!

Rediff coverage on Ankit Fadia (Posted @ 8:31:37: 19/4/2002 GMT+8)
Rediff had an article on the 16 year old 'hacker' Ankit Fadia. The article talks about Ankit's rise to stardom, his exploits and how he was "invited by the US Federal Bureau of Investigation to lecture its agents at a convention in Florida last year, which was called off at the last minute due to the September 11 attacks".

AIC attacks VSNL (Posted @ 11:12:16: 15/4/2002 GMT+8)
The group called AIC (Anti India Crew) has defaced a machine in the Videsh Sanchar Nigam Limited (VSNL) domain. The machine with the URL was defaced with the wording "AIC OWNS YOUR *.VSNL.* BOXEN ?" and a request for visitors to sign a petition to take sanctions against Israel for war crimes.

What is interesting is that the URL of the machine gives the impression that the machine is related to the DNS/DHCP lease service, and a compromise of such a machine could result in serious trouble for VSNL.

AIC has been very active recently, defacing sites of IIT Kharagpur, and over 20 sites on April 1st.

Article - "Tracker Gets A Visit From Hacker!" (Posted @ 17:51:59: 22/3/2002 GMT+8)
The March 15th edition of Financial Express carried an article titled "Tracker Gets A Visit From Hacker!". It talks about the fact that for some days, the link from National Crime Record Bureau pointing to Calcutta Police was being directed to some porn site.

Still not fully up (Posted @ 17:42:12: 22/3/2002 GMT+8)
I have updated the list with some defacements by AIC that were mirrored by a new site, Zone-H.Org. seems to be up, but their mailing list doesn't seem to be working, as with

Alldas.Org update (Posted @ 10:25:02: 4/3/2002 GMT+8)
Alldas.Org is up but the mirroring process hasn't started yet. So India Cracked is also not being updated. I have not received any email from groups regarding any defacements (quite surprising). If I get any, the mirrors will be updated.

Update on inactivity (Posted @ 7:38:26: 18/2/2002 GMT+8)
There has been virtually no activity on India Cracked for some days now. This is because,, the only remaining defacement mirroring site is closing down the site. They say that the project will continue as, but don't expect it to be functional before 01.03.2002. I have not received information about any defacement myself and hence the list is at a standstill. Hopefully Alldas.Org will continue from where stopped and all will be well!

dead? (Posted @ 9:05:11: 7/2/2002 GMT+8)
It looks like is dead or at least in hibernation. The website hasn't mirrored any defacements after 3rd February and there are, at the moment, 290 emails on hold! This is the reason why there has been no activity on India Cracked also. If you have knowledge of any defacement, please let me know so that, if possible, I can try to take a mirror of the same.

"Riptech Internet Security Threat Report" (Posted @ 11:13:51: 1/2/2002 GMT+8)
Riptech Inc. has published a report titled "Riptech Internet Security Threat Report, Attack Trends for Q3 and Q4 of 2001". You can download it here.

stops defacement mirroring (Posted @ 4:58:16: 25/1/2002 GMT+8)
Zillion of has decided "No more mirrors, this is the end ;/". He says that "This site is sucking up all my free time, energy and has a negative influence on my personal live." was a very fast mirroring site compared to and will be missed. I wonder how long India Cracked will survive!

Gulf News - "FBI probing Pakistan-based hackers" (Posted @ 8:07:28: 15/1/2002 GMT+8)
An article in Gulf News titled "FBI probing Pakistan-based hackers" states that the United States Federal Bureau of Investigation (FBI) and Taiwanese officials are investigating alleged attacks on Taiwanese company GigaMedia and the use of their server as a base for attack on Pentagon and U.S. Department of Defense.

Discussion Board removed (Posted @ 12:17:34: 10/1/2002 GMT+8)
The discussion board has been removed from the site for several reasons, foul language being used and repeated attempts to gain illegal admin access being the most important ones.

"Indo-Pak war raging in cyberspace" (Posted @ 8:48:17: 4/1/2002 GMT+8)
An article in the IndiaTimes titled "Indo-Pak war raging in cyberspace" discusses the ISI involvement in the anti India cracking attempts. The author has got a couple of facts wrong, but overall an ok article on the state of affairs.

SiliconIndia website defaced (Posted @ 21:35:31: 1/1/2002 GMT+8)
The website of SiliconIndia was defaced by an individual calling himself Dr.Evil. The content of the main page was changed a bit to add the following "news item"

SiliconIndia claims to be "the premiere Business and Technology magazine that provides information, news, analysis and opinion on business and technology in India and the United States. It is a forum for Indian professionals to interact, exchange information, develop business relations and share industry expertise."

Happy New Year (Posted @ 9:49:45: 1/1/2002 GMT+8)
Happy New Year to all. Hope your year is full of peace, prosperity and happiness.

Interview with staff of Attrition.Org and (Posted @ 12:26:05: 29/12/2001 GMT+8)
Project India Cracked conducted an email-based interview with the staff of Attrition.Org and regarding various aspects related to the mirroring of website defacements. The answers have been published online here.

"Some Companies Simply Don't Care" (Posted @ 11:23:36: 28/12/2001 GMT+8)
Stumbled on a nice article titled "Some Companies Simply Don't Care", and a related discussion on Nice reading.

AIC ridicules Indian cyber security (Posted @ 10:38:40: 28/12/2001 GMT+8)
Reacting to the newspaper report that quoted Flynn Remedios, a Computer forensic and technical advisor to the cyber crime investigative cell as saying "but now VSNL has put up so many firewalls and other security software that it is nearly impossible to hack it", the group AIC (Anti India Crew) re-defaced (a VSNL server) and two servers belonging to Indian Institute of Petroleum ( ,

The servers of the IIP are still in the defaced state, while is giving a DNS error, though the IP shows that the server is still in the defaced state. The IP address of is

AIC and TheBugz exchange heated words at the expense of India sites (Posted @ 10:30:01: 27/12/2001 GMT+8)
It looks like two anti-India groups AIC and TheBugz are at "war"! First, TheBugz used two Indian sites (1, 2) to "show how lame" Attic of AIC was by using logs from IRC sessions. Then AIC uses the defacement of to "explain" the truth behind the previously mentioned IRC logs (calling them fabricated). In the same defacement, AIC reiterates that TheBugz is not a part of AQA (al-Queda Alliance) and claims that "jenkinz" of TheBugz is defacing carded sites.

This was followed by the defacement of Even though this defacement is attributed to TheBugz, the wording in the defacement says otherwise.

All this at the expense of 4 Indian sites.

[Update]: Earlier on, the defacement of was wrongly attributed by PIC as being done by AIC. However, AIC and 'war4' have clarified that it was not done by AIC, rather, it was done by war4, as clarified by email and the latest defacement of by war4.

2 high profile defacements by AIC (Posted @ 9:23:58: 27/12/2001 GMT+8)
Recently, the group AIC was involved in the defacement of two high profile sites. They are:

The IDBI defacement carried a warning "Don't Ever Sleep On Your Systems, Don't Ever Think Your Machines Are Secure, Hell Amigoz...We Are The Scary Things From Your Closet...We Own You & Your Cy-Security Inside Out. You Know It" while the VSNL server defacement carried some message against another cracking group "TheBugz".

WFD's mass defacement (Posted @ 13:29:10: 22/12/2001 GMT+8)
WFD, an anti Indian 'cracking' group has defaced 20 Indian websites in protest against "India blaming Pakistan for the 13th December terrorist attack". The defacement mirror can be found at The defaced sites include:

All the sites are hosted on the IP address

PIC update (Posted @ 1:05:12: 15/12/2001 GMT+8)
Some additional functionalities that a lot of people have been asking for have been added.

Please do let me know of any glaring problems. Take a look. As you might notice, I have only migrated the data of year 2000 and year 2001 into the new system. The migration of year 1999 data is too cumbersome.

Engineering Export Promotion Council website defaced (Posted @ 17:49:36: 11/12/2001 GMT+8)
The website of Engineering Export Promotion Council, India was defaced by B_Real, a member of the group called WFD (World Fantabolous Defacers). According to the server was a Microsoft-IIS/3.0 machine on Windows /Win95/Win98 OS. The admins seem to have recovered fast and at the time of filing this report, the original contents are back online.

defaced? (Posted @ 7:36:52: 9/12/2001 GMT+8)
It looks like, the website which describes itself as 'The Great Indian Search Engine' was defaced by the group AIC (Anti India Crew). Even though none of the defacement mirroring sites seem to have a mirror,'s caching process seems to have got the site in the defaced state. The cache file has been saved locally for future reference.

PIC and defacements (Posted @ 10:33:30: 7/12/2001 GMT+8)
Recently, for the first time (as far as I know), Project India Cracked was mentioned in a defacement. This happened in the defacement of I received a few emails asking how PIC is related to the defacement. Let me take this opportunity to state that PIC is in no way associated with the defacement, except that the defacement has been included in the list maintained by PIC. Any mention of PIC in the defacements is not an indication that PIC has any connection with the defacement or the attacking group.

'The Tribune' defaced (Posted @ 10:22:41: 4/12/2001 GMT+8)
The website of 'The Tribune' was defaced by the group AIC (Anti India Crew). Even though none of the defacement mirroring sites seems to have recorded this defacement, the archive of the 2nd December 2001 edition of The Tribune contains the following passage.

Dear readers,

The Tribune's Website was hacked on December 1 by a group declaring itself as a "Mission Anti India Crew."

A message was posted on the site for a while, before normal service was restored. The message posted by the hacker was essentially anti-India on the Kashmir issue. It also referred to the Palestine and Afghanistan situations.

While efforts are being made to get the site working fully, certain features may not function. Any inconvenience caused is regretted.

The defaced site seems to have included the flash movie that AIC has been using recently.

Back after a break (Posted @ 10:13:02: 4/12/2001 GMT+8)
Project India Cracked had a small break over the weekend which spilled over to Monday, while I was away for a short trip. Back to work now :)

Graphical stats @ PIC (Posted @ 14:16:48: 24/11/2001 GMT+8)
Graphical Statistics have been added to Project India Cracked. This might be helpful in monitoring the trends in attacks on Indian sites. Suggestions are welcome.

Media coverage of Silver Lord's defacements (Posted @ 15:54:25: 23/11/2001 GMT+8)
Indian media has been reporting regularly on the defacements done by the group Silver Lords lately. An article in the Jan 23rd edition of The Hindu titled "Pak. hacker groups deface Indian sites" talks of the recent attacks on sites including, and (Please note that PIC does not fully agree with the branding of Silver Lords as a 'Pak. hacker'). Another article in The Statesman covers the mass defacement of 1200 websites by Silver Lords and is titled "Anti-India hackers deface 1,200 sites". Yet another article at The Statesman reports the defacement of their own site by Silver Lords.

The Statesman defaced (Posted @ 16:01:14: 22/11/2001 GMT+8)
The website of The Statesman was defaced by a group called Silver Lords. The website was still in the defaced state when this report was filed. Open ports include ftp, smtp, telnet, gopher, finger, pop-2, pop-3, login, shell, and imap.

The "- NA -" in defacement mirror URLs (Posted @ 9:08:04: 22/11/2001 GMT+8)
A few entries in the defacement list have the mirror URL as "- NA -" because none of the mirroring sites seems to have mirrored the defacements. However I was able to view the sites in the defaced state (due to email alerts by the defacing group) before they were restored. The affected sites are:

[Update]: Oops.. forgot to mention that the websites were defaced by "Silver Lords".

Silver Lords breaks into more Indian sites (Posted @ 12:45:30: 20/11/2001 GMT+8)
The group calling itself Silver Lords defaced a couple of Indian websites including (Mirror). The server is down at the time of filing this report. Other defaced websites include:

The group, in an email to India Cracked, also claims that they had defaced the second level subdomain of which looks like one of the name servers of NTTINDIA.COM. However has no mirror of the defacement.

In another email, Mirinda of Silver Lords claims that "we own 7 servers of but are unable to deface them since webservers aren't installed on them". The email ends with the sentence "We have more surprises for Indians in the near future :)"

PIC Update - Dates of defacement (Posted @ 8:07:13: 17/11/2001 GMT+8)
There have been suggestions of including the date of defacement in the defacement list page. This is a good suggestion and will be implemented. But keeping in mind some difficulties like code hacking (I am lazy), layout etc., this will be done from 2002 onward only.

Another mass defacement of Indian sites (Posted @ 5:57:13: 14/11/2001 GMT+8)
The group Silver Lords defaced a total of 107 Indian websites including a government site

All the websites seem to be hosted by

Biggest mass defacement in the history of Indian sites! (Posted @ 13:12:52: 9/11/2001 GMT+8)
The biggest mass defacement in the history of Indian sites occurred when 'attic' of Anti India Crew group defaced 197 websites. All the websites seem to be hosted on the IP address The APNIC whois shows that the IP range -'s netname is 'JABALPUR', description is 'Leased - Jabalpur ISP Node', and it is maintained by VSNL. The name servers responsible for the domain seem to be hosted by a company called Open ports include telnet, ssh, ftp, pop-3 and mysql.

Explaining their inactivity for some time, attic wrote on the defaced websites "We ain`t dead, its just a vacation that kept AIC away for a bit from those indian websites" and warned "I GOT MORE FOR YOU INDIANS STAY TUNED OK?"

'Dr. Nuker' of PHC indicted by DoJ and FBI (Posted @ 8:56:31: 1/11/2001 GMT+8)
'Doctor Nuker', the founder of PHC (Pakistan Hackerz Club) has been indicted for "offenses relating to the November 2000 attack on the computers of the American-Israel Public Affairs Committee, a pro-Israel public affairs group with offices in Washington, D.C.". In a press release, US Department of Justice identified 'Doctor Nuker' as "Misbah Khan of Karachi, Pakistan", charged with "hacking into AIPAC's computer server in Silver Spring, Maryland on November 1, 2000. He replaced AIPAC's World Wide Web page with a page boasting that AIPAC had been 'hacked by Doctor Nuker, Founder Pakistan Hackerz Club,' ".

The defacement mirror can be found at Attrition.Org. According to the release "The unauthorized Web page contained statements attacking Israel and links to other anti-Israel or pro-Palestinian Web sites. In addition, Khan took confidential computer credit card account information belonging to AIPAC members and posted the account information on the unauthorized Web page and on other sites, resulting in unlawful use of the credit card accounts."

Pakistan Hackerz Group (PHC) is notorious for defacing Indian websites like (5 times!) and

[Update] Newsbytes is carrying an article in which Dr. Nuker is claiming that law enforcement officials have issued the arrest warrant to the wrong guy! Quoting from the article:

"It's a girly name, sort of like calling a guy Mary Smith," said the hacker, who claimed he is a 35-year-old male and that several other people have used his nickname to deface sites.

HP India's website defaced (Posted @ 6:56:44: 31/10/2001 GMT+8)
The website of HP India was defaced by a group called 'Death-Team Int.'. The website is still in the defaced state when this report is being filed. As claimed in the defacement site "Death-Team iz DeathSymb0l n Death-Zone" which means that two groups 'DeathSymb0l' and 'Death-Zone' have combined together to form 'Death-Team Int.' The defacement gives shouts to PHC, GForce Pakistan and AIC, all of them being notorious for defacing Indian websites.

The website seems to be hosted by Sify.Net and has a lot of open ports including ftp, telnet, smtp, tftp(!) and pop-3.

IMS (Ghaziabad) website defaced (Posted @ 18:18:40: 30/10/2001 GMT+8)
The website of Institute of Management Studies, Ghaziabad was defaced by a group calling itself Eagle. The site was still in the defaced state when this report was being filed. The open ports include ftp, smtp, gopher and irc-serv(!) and the machine seems to be a Win NT running IIS 4.0 web server.

Banaras Hindu University website defaced (Posted @ 9:52:53: 28/10/2001 GMT+8)
Banaras Hindu University website was defaced by a group called PCW (Pakistan Cyber Warriors). The website is in the defaced state when this report is being filed.

The open ports include echo, ftp, telnet, finger(!), pop-3, exec, shell, login, nfs, printer, time and daytime! The OS seems to be IRIX and the web server seems to be Apache/1.3.3.

Project India Cracked Update (Posted @ 17:26:02: 27/10/2001 GMT+8)
Some changes have taken place at Project India Cracked. Now we have two mailing lists that you can subscribe to, to keep yourself informed of the attacks on Indian websites. Refer to the Mailing list page for more details. A new disclaimer section has been added to the site content. Taking into account some of the emails I have been receiving from sysops of compromised machines, this step makes a lot of sense!

Thanks for all the feedback. Keep it coming. That is the only way I can gauge the usefulness of the site as well as understand the expectations of the users. More interviews and features are on the way.

GForce Pakistan's website spiked? (Posted @ 13:13:10: 25/10/2001 GMT+8)
One of the websites that GForce Pakistan had been using to promote their point of view on the defacement scene seems to have been spiked. The free hosting provider has removed the original contents and pointed the URL to their company website. A copy of the Google cache of the original website's front page can be found here. Even though the last update of the website seems to have been done a long time ago, the website was used to publicise their defacement activities, counter allegations and provide 'hacking' tips.

Atomic Energy Regulatory Board & AIIMS website defaced (Posted @ 12:56:38: 25/10/2001 GMT+8)
Following up on their threat to deface Indian sites, the groups PHC (Pakistan Hackerz Club) and AIC (Anti India Crew) scored major hits when they defaced the website of Atomic Energy Regulatory Board and All India Institute of Medical Sciences respectively.

In the message left over at the defaced Atomic Energy Regulatory Board website, 'Doctor Nuker' of PHC left another warning for "/* Message To "I'll be me!" */ ". In the same page, 'Doctor Nuker' claims to have got some documents which are named as "docs/formula1.xls", "docs/formula-final.xls" and "backup/" from the compromised server. In the message left at the AIIMS site, AIC says "Hacked again as promised" and challenges YIHAT to "TRY US give it your best shot".

The NMap output shows that Atomic Energy Regulatory Board machine was running IIS 3.0 webserver while the AIIMS machine was running Netscape-FastTrack/2.01 on IRIX 6.x. The AIIMS website had been defaced earlier by a group called "Crime Lordz".

AIC joins the defacement effort (Posted @ 11:04:35: 24/10/2001 GMT+8)
Anti India Crew (AIC) has announced that the group will join in the call made by GForce Pakistan to deface Indian websites. In the note left at the defaced site of, AIC said that "We respect what GForce is planning to do and we will help". It also threatened that "Major Indian websites will be compromised in the coming week".

Press coverage of defacement of Indian websites (Posted @ 10:49:33: 24/10/2001 GMT+8)
Hindustan Times and The Statesman are carrying news reports on the defacement of and The article in The Statesman mentions an interview that the reporter had with members of GForce Pakistan. In that interview, when the group was asked for proof of their claim that they had sensitive documents related to Indian administration, they replied “(We) don’t have the transcripts at the moment.”

Pro US 'hackers' on GForce Pakistan's trail (Posted @ 12:06:39: 23/10/2001 GMT+8)
A news report in reports that "A group of vigilante hackers said it has identified the leader of a rival Pakistani hacking group and has turned the information over to the FBI." The group, called 'YIHAT', claims that the GForce leader 'Heataz' is employed with an online firm in Karachi, Pakistan.

Attacks on high profile Indian sites begins (Posted @ 11:04:27: 23/10/2001 GMT+8)
Two high profile Indian sites, India Today and have been defaced by GForce Pakistan and PHC (Pakistan Hackers Club) respectively. In the defacement of India Today, GForce Pakistan had inserted 'news' items critical of India and supportive of Pakistan. As of now, The India Today website is being redirected to The Newspaper Today.

In the defacement of, 'Doctor Nuker' of PHC boasts of defacing sites for the fifth time and warns that "Indian Atomic Research and US Military and Government should wait for their turn". At the time of filing this report, the website is still in the defaced state. All this after India Cracked had warned about the threats that GForce/'Al-Queda Alliance' has made against it!

India Today seems to be running Apache/1.3.14 (the latest version of Apache server is 1.3.22) while seems to be stuck in the old age, running IIS 4.0.

Al-Queda Alliance's second warning (Posted @ 10:55:26: 22/10/2001 GMT+8)
Al-Queda Alliance has issued a second warning on defacing Indian websites in "the next week or so". In the defaced website of Defense Test and Evaluation Professional Institute by GForce Pakistan, Al-Queda Alliance has also threatened US and British websites. According to the post, an estimated 1500 websites would be under attack in 'the next coming month'.

More shocking is the section titled 'Critical Info', which claims that GForce Pakistan has "Email and fascimile correspondence between Mr. Ashok Sahu (Planning and Finance, Ministry of Finance INDIA) and Dr. R. Chidambaram (Chairman, Atomic Energy Commission) the 9th Plan for the decade 1997-2007" and "sensitive government agencies (Dept. of Atomic Energy, TIFR, Hindustan Aeronautics, DRDO, Finance Ministry, Ministry of External Affairs, etc)". Given the fact that GForce Pakistan has defaced:

and other groups like WFD and SilverLords have been able to successfully attack several Indian Institute of Science machines, Ministry of Information Technology etc., the claim may not be too far from truth.

'Al-Qaeda Alliance Online' threatens (Posted @ 19:39:24: 20/10/2001 GMT+8)
In a section of the defacement of the Alphanumeric Backup Replacement System done by the group called GForce Pakistan, the Indian site has been threatened. At the bottom of the defaced page under a heading that read "We Are In No Way Responsible For This Message" was a section of text announcing the formation of a group called Al-Qaeda Alliance Online. According to the text, the group will target, which was described as "king of anti-pak propaganda".

If one looks at one of the previous threats that GForce Pakistan had issued about the attacks on Indira Gandhi Center for Atomic Research and its eventual defacement by GForce Pakistan, it can be suspected that the group has already found out some weak link in the security of the site and is in some way in control over the site, without the knowledge of the server admin. had been previously defaced by PHC and again by DeathSymb0l. The NMap output captured at the previous defacement shows that the open ports include ftp, rtsp, listen among others and seems to be running IIS 5.0 server on Windows 2000 OS.

Does India Cracked need a mailing list? (Posted @ 21:05:34: 14/10/2001 GMT+8)
A few people have asked me whether India Cracked has any mailing list. As of now, Project India Cracked does not have a mailing list. However, if there is enough demand for it, (say around 20 or more people) I don't mind starting one. But any lesser number wouldn't warrant the trouble. Please let me know what you think of the idea.

CARE India website defaced (Posted @ 14:08:57: 12/10/2001 GMT+8)
The website of CARE India was defaced by a group calling itself TheBuGz. The website seems to be running Windows-IIS/4.0 SP3. Open ports include ftp, smtp, smtps and irc-server(!).

The site was earlier defaced on 16th March 2001 by a group called DeathSymb0L. It would really help in the security of the site if the site was hosted on OpenBSD or other *nix machines rather than a Windows with IIS 4.0 installed.

Godrej machine compromised (Posted @ 11:58:15: 10/10/2001 GMT+8)
A machine of Godrej network was compromised yesterday by a group calling itself AIC (Anti India Crew). The machine is unreachable at this moment. The open ports include telnet(!), pop-3, smtp, napster(!!), and printer. The OS guess according to the Nmap scan is Linux 2.1.19 - 2.2.17. The group AIC has been actively defacing Indian websites for the past couple of days.

BITS Pilani IPV6 machine compromised (Posted @ 11:20:16: 9/10/2001 GMT+8)
A machine belonging to BITS, Pilani has been compromised by a group called 'nu|L'. The machine was still in the defaced state when this report was filed. From the URL and the Google cache it looks like the machine was being used to showcase BITS Pilani's work on IPV6. Open ports include ftp, http (running Apache/1.3.12 (Unix)(Kondara MNU/Linux)).

20 most crucial Internet security vulnerabilities list updated (Posted @ 16:05:28: 4/10/2001 GMT+8)
The SANS Institute has updated their "The Twenty Most Critical Internet Security Vulnerabilities" list. To quote from their site:

This new list, released on October 1, 2001, updates and expands the Top Ten list. With this new release, we have increased the list to the Top Twenty vulnerabilities, and we have segmented it into three categories: General Vulnerabilities, Windows Vulnerabilities, and Unix Vulnerabilities.

I hope sysadmins will look at this list and prioritize their effort.

Anti India Crew (AIC) strikes again (Posted @ 12:45:56: 3/10/2001 GMT+8)
A group calling itself Anti India Crew (AIC) defaced two more websites yesterday. Indian Institute of Geomagnetism (defacement mirror) and Department of Management Studies (defacement mirror) were still in the defaced state when this news was being written. Open ports include telnet, ftp, echo, daytime, login, shell, finger, time etc.

Weather Resources System of India site defaced (Posted @ 0:50:32: 3/10/2001 GMT+8)
A group calling itself AIC has defaced the website of Weather Resources System of India (Google Cache). The group left behind the message


The NMAP guess of the OS yields "Windows NT4 / Win95 / Win98, Windows NT 4 SP3". AIC (Anti India Crew) has been active in the past, defacing a number of Indian sites.

Indian Institute of Science machine compromised (Posted @ 13:42:00: 1/10/2001 GMT+8)
A machine belonging to Indian Institute of Science was compromised by "Delta" of a group calling itself woot-project. The machine seems to be running IRIX 6.3. Open ports include tcpmux, echo, daytime, ftp, telnet, smtp, time, http, printer and shell. The defacer left behind the message "Error : Access rooted". The same machine was defaced earlier by the group AIC (Anti India Crew) on 25/08/2001.

The group woot-project seems to be a new entrant into the defacement arena, with their first recorded defacement done on 29/09/2001. The defacement doesn't seem to be politically motivated; rather, the group seems to be looking out for IRIX machines with some particular vulnerability.

CSIR - MMAS machines compromised (Posted @ 14:35:30: 30/9/2001 GMT+8)
Two machines belonging to Centre for Mathematical Modelling and Computer Simulation (C-MMACS) were compromised by a group called 'Hax0rs Lab'. The two machines were

back online (Posted @ 9:29:51: 27/9/2001 GMT+8)
is back online. As mentioned earlier, Alldas was forced to go offline when their hosting ISP decided that they could not handle the DDoS attack that is occurring at regular intervals. This would mean that India Cracked will be on the go again soon.

'Is there a plan to DoS defacement sites off the Internet?' (Posted @ 16:08:03: 22/9/2001 GMT+8)
The Register is carrying an article titled 'Is there a plan to DoS defacement sites off the Internet?' which puts forward the theory that some individuals/establishment are trying to take the defacement sites off the Internet. To quote an interesting sentence: "It makes far more sense that government and big business would prefer that these mirror sites "go away" so that the exploits of hackers are not exhibited or glorified." Very interesting. India Cracked is also at a standstill because of the disappearance of and

News on (Posted @ 20:23:02: 18/9/2001 GMT+8)
The Register is carrying news that persistent DDoS has knocked when the ISP decided that it cannot sustain such a heavy onslaught. India Cracked relied very heavily on for authoritative defacement mirrors.

Lack of defacement updates (Posted @ 10:12:22: 10/9/2001 GMT+8)
Sorry for the lack of defacement updates. The reason is that the two main sites on which India Cracked relies for defacement mirrors seem to be out due to what I guess are DoS attacks. There has been no news from these sites for a long time now. Updates will be posted as soon as I get more info.

Interesting article on Honeynet Project and Pakistani 'Hackers' (Posted @ 10:07:44: 10/9/2001 GMT+8)
New York Times carries an article on the Honeynet Project and their coverage of an international 'hacker' group whose head seems to be a Pakistani. The article talks of how Honeynet is using vulnerable computers to snare out 'hackers' and study their psychology.

'India Hackers Face More Charges' (Posted @ 19:07:56: 4/9/2001 GMT+8)
This article in Wired reports that the 'hackers' who were arrested for breaking into the website of Mumbai police's Cyber Crime Cell in July are going to be charged with a more serious crime - credit card theft. The concern is whether this is a real crime or a way for the police to get back at the 'hackers' who dared to break into their site and hurt their 'pride'. By the way, can someone please enlighten me on why the report is titled 'India Hackers Face More Charges'? Sounds like these 'hackers' 'hacked' India! Maybe Manu Joseph can help.

Project India Cracked's news on (Posted @ 17:34:10: 3/9/2001 GMT+8)
, a premier Indian portal and Project India Cracked (PIC) have entered into a collaboration agreement wherein the news of PIC will be featured in the technology sections of The first of such news covers the defacement of and can be found here.

In a related change, India Cracked's layout style will be slightly different from now on. I am implementing a new layout and do not have the energy/patience to change the layout of the older news items.

03/09/2001 IndiaOne Internet Solutions site defaced
The website of IndiaOne ISP was defaced by a group called TheBuGz. As of now, the website seems to be up with a slightly different template and content. The Google cache is quite different from the present state of the site. This site was defaced about 2 months ago by Silver Lords. Technical details:

03/09/2001 Food Corporation of India Site defaced
The Food Corporation of India (FCI) website was defaced by a group called 'null' on the 2nd of September. The mirror by can be found here. The website was still in the defaced state when Project India Cracked added it to the defaced list. The technical details are as follows:

1/09/2001 India to Open First Cyber Police Station
Yahoo is carrying a news item about the setting up of 'India's first police station to exclusively handle cyber crimes' by the state of Karnataka. This, I hope, is a step in the right direction. We need more states like Karnataka. It however remains to be seen how effective these initiatives will be against attacks originating outside India.

28/08/2001 Project India Cracked Update
People regularly ask me what I have done to make the situation better. Well, this site is what I have done. To further help the sysadmins who suffer break-ins, I have added a feature in Project India Cracked to email the admin/webmaster/technical/billing contact to alert them of the break-in. I do this only if I see that the website is in the defaced state when I check the mirror. The webmaster of Lal Bahadur Shastri National Academy of Administration was the first person to receive the email. Please note that this is a 'community' service. I am not related to the groups who defaced the sites. If you have got any email from Project India Cracked informing you of the defacement, rest assured that I did not do it!

25/08/2001 Venture Finance, Ministry of Information Technology defacement
Venture Finance, Ministry of Information Technology was defaced by Pakistan Cyber Warriors (PCW) on 24th August 2001. Now some surprising things.

25/08/2001 Pro-Pakistan hackers deface Centre's venture capital site
A good article, Pro-Pakistan hackers deface Centre's venture capital site. What is different in this article is that it is one of the very few in which the point of view of someone on the other side of the attack (I mean the 'hacked' person and not the hacker alone) is represented. It brings out the basic problem with security in Indian sites. People don't think that security of a site is worth the money.

13/08/2001 Funny.. Laugh!
The Tribune carried a news posting, whose content is on the hilarious side and shows how much our cops know about cyber crime. Some comments on interesting sections:

in the infamous hacking of a city-based website suspectedly by a notorious hackers club of Pakistan

You mean to say there is "famous" 'hacking'?

SSP Kuldip Singh said he was hopeful that soon some technology would be available for identifying the accused and then action could be taken against him.

Ya, right. Welcome to the *real world* SSP Kuldip. You have the technology. You can trace the log files and do a lot of other stuff, but is anyone going to do it? Even if one finds out that Mr. X and Mr. Y in say the nation of 'Pakstan' did it, would India approach 'Pakstan' to convict the persons?

Mr Vinod Thapar, president of the club, said that it would not tolerate disrespect shown to the national flag and would stage a protest dharna before the Pakistan Embassy at New Delhi soon.

I can't seem to get hold of the mirror. I am really curious as to how disrespect to our Tri-colour was shown in the defacement. By the way, since security lapse on the part of allowed the defacers to "show disrespect", will knitwear's complaint cause itself to be in the court?

He said the club was preparing a memorandum on the issue and would also hand it over to the Prime Minister and the Defence Minister for taking proper measures for the security of the Indian web-site.

As far as I know Indian Govt. did not own So how is it that the responsibility of the website security rests on Indian Govt?

The hacking of the city-based site has, however, catapulted the city on the map of the ongoing hacking war between India and Pakistan as it is reportedly the first site of the city to be hacked by pro-Pak elements.

I don't exactly follow the logic. How is it that being the first website to be defaced in a city catapults the site on the map of the war?

In fact one of the portal said that 635 Indian websites were hacked during 2000.

I really would like to see the portal that claims that!

07/08/2001 - AIIMS defaced
AIIMS was defaced by Crime Lordz yesterday. The mirror can be found at

Machine running IRIX and dangerous open ports: Telnet, finger etc.

31/07/2001 - defaced
was defaced by PCW (Pakistan Cyber Warriors) yesterday. The mirror can be found at calls itself "India's Premier Portal" and recently had started a Premium membership feature (, because of which I lost one of my active email boxes :(

The defaced page is interesting. It says "..Admin, it was nice playing with you that day, but shit! ..." Looks like the sysadmin and PCW were locked in some kind of battle and sadly PCW won.

A few interesting bits of info:

29/07/2001 - Wired: "India Hackers Scared Straight?"
Wired is carrying a story by the name India Hackers Scared Straight?. A few comments -

26/07/2001 - Display of MEA's defense against virus attacks
Pramit Pal Chaudhuri has written an article in Hindustan Times covering the infection of MEA's computers with the SirCam virus. What can I say. Did you really expect anything better?

Don't people in the Indian MEA (Ministry of External Affairs) use anti-virus software? Don't they know better than to click and open all the emails that they receive? Well, judging from facts, they do not. Yesterday, an email was sent from a address to the mailing group C4I, which contained the "in news" virus called SirCam!

I have, over the past few days, received at least 10 of these virus-infected emails with attachments of over 100 KB. But then I do not use Outlook. My email client clearly showed that the email attachment was actually a .bat file that was named "xyz.doc.bat".
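A mail gateway can catch the "xyz.doc.bat" style of attachment name before a client hides the real extension. The following is an added example, not part of the original post; the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
"""Flag e-mail attachments whose real (last) extension is executable but is
hidden behind a document-looking one, such as "xyz.doc.bat"."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to your own mail policy.
EXECUTABLE = {"bat", "cmd", "com", "exe", "lnk", "pif", "scr", "vbs"}
DECOY = {"doc", "xls", "ppt", "txt", "pdf", "jpg", "gif", "zip"}


def classify(filename):
    """Return 'disguised-executable', 'executable' or 'ok' for a file name."""
    # Windows ignores trailing dots and spaces, so "a.doc.bat. " still runs
    # as a batch file; normalise before looking at the extension.
    name = filename.strip().rstrip(". ").lower()
    # Padding such as "budget.xls      .pif" pushes the real extension out
    # of view in narrow columns, so strip each component as well.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "disguised-executable"
    return "executable"


def scan_message(raw):
    """Parse a raw message and return [(attachment name, verdict), ...]."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()  # handles RFC 2231 encoded names
        if name:
            findings.append((name, classify(name)))
    return findings


def build_sample():
    """Constructed sample message (not a captured mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "list@example.org"
    msg["Subject"] = "xyz"
    msg.set_content("Constructed body text.")
    for fname in ("xyz.doc.bat", "minutes.doc", "tool.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:22} {name}")
```
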

I have put online two more mails written by Ravi (C4I moderator), to editors of India Today and Financial Express, explaining how their reporters have been fooled into believing that the "defacement" supposedly done by True Indian is true. The letters - to India Today and to Financial Express.

As you can see, the emails were written about 10 days ago and there has not been any response whatsoever from any of the three editors (see the news dated 17/07/2001). What a shame it is that the leading newspapers in India are so irresponsible when reporting matters.

17/07/2001 seems to have been fooled by the hoax of True Indian. The article is here. That seems to be the 5th reporter in media who has been fooled by True Indian. Anyway, Ravi Visvesvaraya Prasad, Convenor of C4I groups had written an open email to Ajit Balakrishnan, CEO You can read the letter here. There has been no reply yet! How much more irresponsible reporting can we tolerate?

Rediff is carrying an article on cyber war between India and Pakistan. India Cracked and I have been quoted. It is noteworthy that the article does mention the defacement of Rediff's Chat site.

I will be on holiday in India for 2 weeks starting 16th June. I do not see myself updating India Cracked for these 2 weeks. Till then, take care.

Pramit Pal Chaudhuri of Hindustan Times seems to echo some of my beliefs regarding a guy who calls himself "True Indian". This guy claims to have defaced/broken into Network Solutions database and DNS hijacked and The article by Pramit is in Hindustan Times of Thurs, 14 June 2001. I cannot connect to the Hindustan Times server to get the correct URL. I will post it when I get a chance. Oh ya, India Today has quoted me and referenced India Cracked (though as in their latest issue. They too seem to have been duped by "True Indian"'s claims.

A new(?) cracking group seems to have surfaced - Hackers Squad of Pakistan. Their handiwork can be found at EMTICI ENGINEERING LIMITED INDIA's defacement. Another example of the pathetic state of security in websites, India Daily was defaced yesterday and it seems to be in the defaced state even after 7 hours! What kind of a news site is this! They don't monitor their site for 7 hours straight?

Asian Age carried an article on cracking of Indian websites, with spotlight on GForce Pakistan. Oh ya, India Cracked is again mentioned.

Damn. I just realised that the first anniversary of India Cracked was on 28th April (last month). Just forgot about it. Anyway looks good for the first year. Two mentions in the National newspapers :) Any suggestions on how to improve the site will be greatly appreciated.

WFD knocks down - Mirror. This is the second time that a site related to rediff has been defaced. On 28/09/2000, GForce Pakistan had defaced - Mirror. From the Nmap output, the site seems to be running (or shall I say was running?) on FreeBSD. The server seems to be hosted by Exodus.

Looks like the External Affairs Ministry has jolted the people in positions. Economic Times was carrying a story on the breakin and surprise surprise, India Cracked is mentioned. I hope such high publicity will wake up the people who are high enough to make some difference.

The External Affairs Ministry website has been defaced. The response from the spokesman "We will put strong security fireballs around it". (I assume that the "fireball" was the spokesman's fault and not that of Rediff) I have a question - Why is an External Affairs Ministry website a ".org" website? What happened to the ""? - [Update] Looks like Rediff screwed up. It has changed "fireball" to "firewall".

"Silver Lords lead record anti-India hacking spree" - an article by Pramit Pal Chaudhuri on the recent defacement spree by Silver Lords, in Hindustan Times. The first mention of India Cracked by the media.

Indian site defacement count crosses 150. Clap..clap Silver Lords continues the streak.

Silver Lords seems to be the most active defacer of Indian websites for a couple of days, with 14 sites downed in the last two days. All of them carry the same image which says "For the freedom of Kashmir". Oh, by the way, we are into 149 defacements in this year, just four months into the year. It really doesn't look like a good year for Indian web sites.

UGC website has been defaced by a group that calls themselves WFD.

GForce Pakistan has threatened again:

This is a threat from GForce, In a few days we`ll be attacking top Indian IT/government/ecommerce website

"Indian techies arrested in bank hacking case" - Hm.... not good.

I have been a bit slow in updating the defaced list. The updation will be done soon.

This is stupid. Chennai Server has been defaced 3 times so far in year 2001. I am sure the sys. admins just replace the defaced page with the original one and forget all about the holes and the backdoors. When will people learn??

Who hacks, wins -- Army gets ready for future wars - an article in Indian Express on the ways that the Indian Army is gearing up to meet cyber war.

The "infowar" defacement campaigns between India and Pakistan are given the second position in the "Top 10 defacements of the year" list by Security Watch.

At last, a sensible article on "hacking" of Indian sites - Hack the hackers. It is a bit old, but addresses the issue of cyber security in India.

RSnake of GForce Pakistan mailed me informing

Right now its 9:55 P.M and is under DDOS attack and disabled by GForce Pakistan

It was 1430hrs SST on 07-01-2001 when I checked this email and by now seems to have recovered.

As a round off to 2001, it is interesting to note that the .in TLD defacement activity showed a 4% increase. For the breakdown, here is the chart courtesy of Attrition.Org. Again, note that this does not take into account all Indian sites, just those sites that have an .in TLD (those that end in a ".in", for the layman).

This is getting funnier day by day. National Cyber Cop Committee is planning to use a group of 19 hackers, all between 14 and 19 years of age, based in metro cities to help India tackle Internet crimes. CNN coverage here

Indira Gandhi Center for Atomic Research has been cracked

GForce Pakistan has threatened that they will deface Indira Gandhi Center for Atomic Research and Zee TV websites in a few days. Considering the past activities of GForce, it is very likely that this will happen unless something drastic is done.

Cyber warfare between India and Pakistan seems to be taking funny turns. Check out this article on Times of India.

Hm... Wired is carrying an article on the cyberwar between Indian and Pakistani inclined "hackers". Quite funny! Look at some of these quotes.

"Most of the hackers do nothing more than take the user to a different URL where they have posted pro-Pakistan messages," Chatterjee said. "Frankly, most Indian corporate sites are easy targets for Pakistani hackers because they contain static HTML pages.
"It's difficult to hack a database-driven site. These are some of the things that those owning the sites should understand."

Sundari Nanda, the superintendent of police attached to the CCU (Cyber Crime Unit) says:

Now there has been an increased activity from a group called Attrition, which used to target Israeli sites and has now shifted its focus to India.
"We ourselves got a mail just the other day. The fact that it was a very heavy mail made us cautious. It was a virus that we traced back to an ISP in Pakistan."

Attrition.Org now has a log of the TLD (Top Level Domain) defacement statistics. India's (.in) can be found here. Note that the actual defacement of Indian themed sites are larger than this, because all the .com/.org/.net are not used for this log.

India Cracked had an email based interview with the group GForce Pakistan, credited with defacing many Indian sites. The transcripts are online now.

An interesting article on Times Of India which details a CII-PriceWaterhouseCooper survey which concludes that "Indian employees are more honest and sincere than their counterparts in the developed countries, when it comes to corporate espionage or security breaches within the organisations.". What is more interesting is the finding that "...a large number of information officers in India are not even aware of how have they been robbed"! Great. Doesn't that kind of nullify the whole survey result?

GForce Pakistan has agreed for an email based interview with India Cracked. So if you have any question to ask these guys please email me at indiacracked/@/ (Remove the //).

Looks like GForce Pakistan has taken a break from breaking into Indian sites. With the Israel - Palestine conflict reaching a high, GForce seems to have shifted their attention to that conflict.

Mentioned in defacement 16, by GForce Pakistan
"we're proved that we're sk1lled and they're not".
I presume the "we're skilled" part is because they have defaced 15 Indian related sites. It still beats me, however, as to how they arrived at the "they're not" part!

Defacement 14 and still GForce Pakistan goes on and on. Not good .. !!!

Well, GForce Pakistan seems to be having a great go at Indian sites. Site 6 has been defaced. Are the Indian sysadmins sleeping ??

Well, GForce Pakistan has started its war! The first major Indian IT site to be defaced is, a venture of The defacement mirror is here. As of this moment 20:17 (SST), the site is not accessible. Check the "Whois" of here.

GForce, a group that has been very active in defacing India themed sites, in their latest defacement have warned "we are warning you within a month we will deface major indian IT websites then you will know that we fucking 0wn you!". Looks like battle horns have been blown. Let us see how the Indian "Security experts" react!