In a politically motivated attack, the Home and About Us sections of the front page of the Royal Australian Air Force website have been defaced by someone calling himself Atul Diwevedi.
The site was compromised at about 1630 GMT on the 13th July to carry the message:
“THIS SITE HACKED BY ATUL DWIVEDI LONG LIVE INDIA THIS IS A WARNING MESSAGE TO AUSTRALIAN GOVT. IMMEDIATELY TAKE ALL MEASURES TO STOP RACIST ATTACKS AGAINST INDIAN STUDENTS IN AUSTRALIA ELSE I WIL PAWN ALL YOUR CYBER PROPERTIES LIKE THIS ONE. JAI HIND”
“Jai Hind” is hindi for “Long live India” or “Victory for India“. The attacks that the hacker refers to have been taking place over the the past year and now count over 70 victims, although Australian police assert that the attacks are not racially motivated. For further information on these attacks see the BBC story here.
The hacktivist appears to have previously left his mark on another site, this time in the .pk top-level domain. That defacement has since been cleaned up by the site owners, but the information still visible in the Google search result certainly throws some extra light on the character of the attacker.
I notified the Australian Department of Defence as soon as I became aware of the attack and they were quick to remedy the situation. However, the fact that such a high profile website is nonetheless at risk of being defaced really illustrates the need for effective web application security, everyone is a potential victim.