In what has become a cause of major embarrassment to the Indian IT community, leading Indian IT company Tata Consultancy Services' (TCS) Website was hacked on February 7, 2010. The breach is believed to be a domain name system (DNS) hijack, similar to the breach that social media Website Twitter faced in 2009.
The hacker(s) altered TCS' name server entries, and also put
the domain up for sale. After the hack, Website visitors could read a clear message of "The domain
name is for sale, please contact us for further information" in English and French. Ironically, the
breach happened just a day before the Nasscom India leadership forum 2010, a major Indian IT
industry conference.
According to TCS' official statement, its website www.tcs.com was disrupted, and restored
subsequently. "Initial investigation reveals a DNS redirection at the domain name registrar's end,"
claims the TCS official spokesperson. The domain name registrar in this case is Network Solutions
LLC.
The jury is divided on whether organizations can avoid such DNS-based attacks. According to K K
Mookhey, the principal consultant of NII Consulting, such attacks have become a popular ploy of
hackers who don't actually hack into the TCS.com website, but instead break into the DNS server.
"So people who ended up using the hacked DNS server landed on a compromised page. On the other
hand, those who accessed the unaffected DNS server got the actual TCS website," says Mookhey.
According to Mookhey, there is not much that TCS could have done to avoid such a breach, as the DNS
servers are not in its control. Giving an example, he explains, "Let's suppose that TCS was
using any of the Indian service providers as its Internet service provider. In this case, TCS is
using the service provider's DNS servers to access the Internet. So if the DNS servers get hacked,
TCS can't do much."
Sameer Ratolikar, the CISO of Bank of India, classifies the TCS Website breach as a typical Web 1.0
pharming attack, which led to the DNS servers' compromise. He believes that such issues arise due to
non-timely patching of vulnerabilities in the DNS server. Ratolikar recommends that in cases where
a company hosts its name server(s) in a third-party data center, regular vulnerability assessment
and patch management of these servers are essential. These can be achieved through strict SLAs with
the partner.
The source, location and intention behind the compromised TCS website are yet to be identified, but this
has already raised questions about the company's information risk assessment capability. Although
the fault may be external, it does not save TCS from the reputation loss, believes Dinesh O'bareja,
an independent information security consultant. "My take is that if the world looks up to you for
excellence, then it's very important to keep your house in order. Tata has a large data center and
hosting facility. Tata Communications is also an ISP, so why does TCS need to involve outside
vendors?" questions O'bareja.
Both Mookhey and Ratolikar have observed a rise in DNS attacks in the recent past. Ratolikar points
out that attack vectors have shifted from email-based phishing to pharming. Mookhey sees a possible
pattern in such attacks, where hackers are now probably working on the DNS records of bank websites
for future breaches that will involve more than just loss of reputation.