A server belonging to NIIT GIS Limited, an NIIT Technologies subsidiary, was compromised last week through a SQL injection attack by a hacking group calling itself the ‘Tigers of Indian Cyber’ (TIC). TIC posted the disclosure in an open security forum, giving a proof of concept and a complete list of account credentials. It has since come to light that NIIT GIS’ server was compromised — not the servers at NIIT Technologies.
The breach was independently verified by Omair, a security consultant with Network Intelligence India (NII). Omair said that the hack was genuine, and was verified with the link posted by TIC as proof of concept. “The executed query enumerates expected information from the database tables,” says Omair.
Initial communication with NIIT Technologies revealed that the company was unaware of the situation. After SearchSecurity.in informed it of the particulars, NIIT Technologies detected the breach, and the server was subsequently taken offline.
The NIIT Technologies spokesperson confirmed this security breach. He clarified that the server is not part of NIIT-Tech’s network. The server belongs to a department in one of NIIT Technologies’ subsidiaries, namely NIIT GIS — a joint venture between NIIT-Tech and ESRI USA. The company provides GIS mapping, as well as solutions.
According to the source, the compromised server is an internal departmental server, primarily meant for internal employees and sales force to access training and marketing collateral. The GIS server is a stand-alone server hosted in NIIT’s Noida data center. It’s not hosted with the rest of the NIIT Technologies network. This server has been online for the past eight years.
Calls to Pugmarks Interweb, NIIT Technologies’ hosting service provider, confirmed that the NIIT GIS server is not hosted with Pugmarks. Most of NIIT Technologies’ IT infrastructure is hosted on servers located in the US — NIIT GIS is not part of these.
A ticker on the NIIT GIS website says that the site is also undergoing maintenance. NIIT Technologies has declined further comment on the technical aspects, pursuant to a forensic investigation of the server’s logs. Watch this space for further updates.