Cyber Crime is growing at an alarming rate. And unfortunately, the security experts aren't able to match their speeds! Due to this, every now and then there is a news of cyber crime viz. advanced persistent threat, SCADA vulnerability found, ICS under threat, website hacked, phishing reported, XSS injection flaw discovered, identity theft, database hacked, stuxnet etc. Nowadays, there are more number of cases of the hacking of websites especially the corporate sectors. In technical terms, hacking of website isn't a big deal. But if the market scenario is considered and especially when it is serving the customers, then it is indeed a big deal!!
Few months back all the (news) media were busy in flashing only one news - Sony Hacked, PlayStation Hacked etc.. This very incident led to fall of a significant revenue in Sony. The Wired.com flashed a news on 23 May, 2011 as "Sony Estimates $171 Million Loss From PSN Hack". This loss includes expenses for security improvements, “Welcome Back” packages and an estimate of the impact on future profits of the security breach and resultant outage. Sony says it has still not confirmed any reports of credit card fraud or identity theft, both of which could change the company’s estimated losses. In addition to this, shares in Sony have fallen 55 percent since the company revealed the hacking on April 27 (Reference: http://www.moneycontrol.com/news/wire-news/sony-recruits-information-security-boss-after-hacking_583156.html).
However, there are many indirect harm too to the business which might not be visible right now to the company such as, lowering consumer confidence, damaging reputation, hurting competitiveness etc.
Due to all these hacking spree incidents/accidents/events {use the term whatever you like ;)}, finally Sony Corporation hired Philip Reitinger, a former Homeland Security Department official, to be its new CISO (Chief Information Security Officer) after surviving a massive hacking attacks. (Reference: http://fcw.com/blogs/circuit/2011/09/agg-sony-hiring-dhs.aspx).
Now, there is another news gaining ground on the Internet that an Indian IT company WIPRO Limited's website is hacked (Reference: http://securitybreaching.blogspot.com/2011/09/wipro-one-of-best-indian-it-company.html).
The website link of hacked domain is http://north-west.wipro.com/ . Its' a sub-domain of the Wipro Ltd.
About Wipro Ltd. according to Wikipedia:
"Wipro Limited (BSE: 507685, NSE: WIPRO, NYSE: WIT, NASDAQ: WIT) is a global information technology (IT) services company headquartered in Bangalore, India. According to the 2011 revenue, Wipro is the third largest IT services company in India and employs more than 219,429 people worldwide as of March 2011. Wipro is ranked 31 globally in 2011 in the list of IT service providers. It is 9th most valuable brand in India according to an annual survey conducted by Brand Finance and The Economic Times in 2010. Wipro provides outsourced research and development, infrastructure outsourcing, business process outsourcing (BPO) and business consulting services. The company operates in three segments: IT Services, IT Products, Consumer Care and Lighting."
(Reference: http://en.wikipedia.org/wiki/Wipro)
About the North-West Switches (north-west.wipro.com - the hacked website):
"A part of the Consumer Care and Lighting business division of Wipro, North-West Switches offers a range of premium modular switches. The Consumer Care and Lighting Business Division of Wipro Ltd has acquired the North West Switches brand from North West Switchgear Ltd. North West Switchgear is a Delhi-based manufacturer of switches, sockets and MCBs."
(References:
- http://www.buzzar.tv/product/wipro_northwest
- http://www.thehindubusinessline.in/2006/05/06/stories/2006050602310200.htm
- http://www.tmcnet.com/usubmit/2006/05/05/1638787.htm)
The current screenshot of the hacked website of Wipro's sub-domain (last checked on: 21 September, 2011; 21:30 hours IST)
The Hacked Page of North-West Switches, a part of the Consumer Care and Lighting business division of Wipro.(Last Checked: 21 September, 2011; 21:30 hours IST) |
"Greets to | Jerry HASSAN | PCCS | Dr Trojan | URDU HACK| Pcf Master Mind |x Bad Boy x | XtreMist | MongoOse Pk | Trick Owns | Shadow008 | HexCoder| Chliz Aceh | Brilliant | Waheed Gul |Sharp Hacker| Ninjaa Kai |Pak Cyber Force|ZHC|Hackall.net|[ PAKISTAN ZINDABAD ]"
This message as well as the hacked image's colour signifies that the hackers were supposedly belongs from our neighbouring country, Pakistan.
For those who still believes that the hacked domain isn't a part of Wipro Ltd., then kindly see the given image below that was taken from Google Cache. According to the Google Cache, the website's cache was last updated on 18 September 2011 21:26:10 GMT.
North-West Wipro's original website snapshot taken from Google's Cache (last updated from Google: 19 September, 2011; 02:55 hours IST) (last checked: 21 September, 2011; 21:30 hours IST) |
After searching on Google for Wipro's Security Solutions, it was found that Wipro had started in 2009 the services as "Enterprise Security Solutions".
Google Search Result for the query of "Wipro Security" (Snapshot last taken on 21 September, 2011; 21:15 hours IST) |
"Wipro's Enterprise Security Solutions (ESS) practice delivers integrated end-to-end security and compliance solutions globally across a multitude of industry verticals. Wipro ESS addresses key challenges enterprises face with improving the agility of information security and compliance programs to cope up with ever-changing business and IT risks.
Leveraging a large global pool of experienced security professionals and a Global Delivery Model, Wipro ESS assists customers in defining their security and compliance needs, best practice recommendations, technology evaluations, implementations and delivering managed and hosted security services."
(Reference: http://www.wipro.com/services/business-application-services/Pages/enterprise-security-services.aspx)
Now the question that wonders is:
In case of Sony Corporation, there was 'no' CISO but Wipro Ltd. is a company with a pool of 'experienced' security professionals. Why then the company Wipro Ltd. isn't able to take back their hacked website (http://north-west.wipro.com) when they are having a large pool of experienced security professionals??