IIT Bombay and IIT Kharagpur Hacked By An Indian Hacker Cryptolulz666

Indian Institute of Technology (IIT), is the top rated higher level education institution of INDIA which is one from the world's top 200 colleges. The branches of IIT are located in 23 different states and cities of INDIA. The students of whole INDIA dreams to took admission in IIT. They work hard to do so. But an Indian Hacker is doing something different to be accepted by IIT Bombay. Recently, the database of IIT Bombay and IIT Kharagpur has been hacked by “Cryptolulz” who is using available on twitter (@Cryptolulz666). After breaching the database of both IIT branches, he leaked it on the “Pastebin”. Initially, he hacked IIT Bombay and leaked 54 tables of the database on Pastebin. After few hours, he did same with IIT Kharagpur.

About The Hacker

The Cryptolulz hacker contacts the CISO of Bit4ld (Pierluigi Paganini) and said that he is an INDIAN guy who is very passionate about cyber security. He also added that this attack is very important for him because he always dreams to be a part of one of the world’s top 200 colleges. He said that he spent all his life to be accepted by IIT Bombay. According to a blog post of Pierluigi, the hacker told him that he is too young but he is capable of hacking into the database of world’s top institutes.

Type of Attack?

Pierluigi Paganini contacted by the hacker and he told that he performed “Blind SQL Injection Attack” to breach the both databases. It is obvious, that there was security vulnerability which allowed him to perform such type of critical cyber-attack. Further, he added that the site of IIT Bombay is also vulnerable to a special type of Cross Site Scripting (XSS) attack. The hacker said that he has informed the administrators about the hack but he didn’t get any response from them.

Leaked Information

In his Pastebin post, the hacker mentions that there were around 12000 records in the database but he only dumped a quarter of it because rest of the database contains legal stuff. The leaked information contains database table names, user id, user password, department, user type, date of joining and email ids. It is not clear yet, whether the leaked belongs to students of staff. This information is available in the database which has been leaked by the hacker on PasteBin. Maybe he has the access to the whole database and he leaked a small piece of it as a proof in the PasteBin.

Reason Behind This Attack?

We all know “Kapustkiy”. The hacker, who is hacking government websites to aware the web admins about the need for cyber security. This hacker is also following the same principles. The “Cryptolulz” hacker told that the reason behind this hack was to aware the web admins of one of the world’s 200 top colleges about the importance of cyber-security. The main reason of the hacker behind this hack is to be a part of IIT Bombay.

Source: securityaffairs.co, PasteBin

Similar Articles: