Skip to main content

Story of a Drupal theme mis-configuration, Hacking and Ministry of Defense India

If you have been following news or were online for past couple of hours you might have noticed this news making a tweet-storm and appearing all over your timeline regarding how India's Ministry of Defense website got hacked (allegedly by 'Chinese' origin).

Almost all the big media outlets covered it. Including

An example of the coverage


Fueled by our own famous ministers chiming in with their own ideas


It all seemed for the fact that the homepage of the websites showed this image with a Chinese character
And though most of india's government portals and websites aren't really what we call secure (I'll cite the references later), hilariously this time it really was not a hack!

I got tired of explaining everyone in social media again and again what went wrong hence this blogpost.

It really was just a mis-configured Drupal theme :)

You see, most of the websites by NIC for government portals are made using a CMS called Drupal. Which is not a bad thing itself, White House's website is made in Drupal. But the hilarious thing is they were using a theme called Zen (https://www.drupal.org/project/zen) and though they customized the theme to suit the respective government portals, they did not customize the maintenance page!

Any idea what is Zen Theme's logo?

Now see the character on that screenshot and in the logo? 

And now the most awesome part is, that character is not even Chinese. It's Japanese (Kanji to be precise 禅). After reading all this if you are in need of some Zen, I won't blame you. Head over to: https://en.wikipedia.org/wiki/Zen

Still don't believe me? Then look at the source code.
The Zen theme logo is located at : https://github.com/JohnAlbin/now/blob/master/www/sites/all/themes/zen/logo.png

And it is referenced at Line 46 of the maintenance template file.

And that logo.png file is this one 

So in short, those claims about hack are not true!




Next time, please don't believe everything you read in the internet? Specially if it's coming from our renowned ministers....



Attribution:
The last two screenshots  and the first list of links of news portals are taken from Tanay's blog (linked). Here is my due attribution along with one for newsmobile.in from whom I took the first image with "hacked" logo :)
PS: while looking for his blog I just found out a list of websites which use Drupal in Indian Govt. work by Tanay here: https://groups.drupal.org/node/248708 so any of them using zen theme should have displayed that logo today (unless someone customized it)

Comments

Popular posts from this blog

ARCore and Arkit, What is under the hood: SLAM (Part 2)

In our last blog post (part 1), we took a look at how algorithms detect keypoints in camera images. These form the basis of our world tracking and environment recognition. But for Mixed Reality, that alone is not enough. We have to be able to calculate the 3d position in the real world. It is often calculated by the spatial distance between itself and multiple keypoints. This is often called Simultaneous Localization and Mapping (SLAM). And this is what is responsible for all the world tracking we see in ARCore/ARKit.
What we will cover today:How ARCore and ARKit does it's SLAM/Visual Inertia OdometryCan we D.I.Y our own SLAM with reasonable accuracy to understand the process better Sensing the world: as a computerWhen we start any augmented reality application in mobile or elsewhere, the first thing it tries to do is to detect a plane. When you first start any MR app in ARKit, ARCore, the system doesn't know anything about the surroundings. It starts processing data from cam…

ARCore and Arkit: What is under the hood : Anchors and World Mapping (Part 1)

Reading Time: 7 MIn
Some of you know I have been recently experimenting a bit more with WebXR than a WebVR and when we talk about mobile Mixed Reality, ARkit and ARCore is something which plays a pivotal role to map and understand the environment inside our applications.
I am planning to write a series of blog posts on how you can start developing WebXR applications now and play with them starting with the basics and then going on to using different features of it. But before that, I planned to pen down this series of how actually the "world mapping" works in arcore and arkit. So that we have a better understanding of the Mixed Reality capabilities of the devices we will be working with.
Mapping: feature detection and anchors Creating apps that work seamlessly with arcore/kit requires a little bit of knowledge about the algorithms that work in the back and that involves knowing about Anchors. What are anchors: Anchors are your virtual markers in the real world. As a develope…

Visualizing large scale Uber Movement Data

Last month one of my acquaintances in LinkedIn pointed me to a very interesting dataset. Uber's Movement Dataset. It was fascinating to explore their awesome GUI and to play with the data. However, their UI for exploring the dataset leaves much more to be desired, especially the fact that we always have to specify source and destination to get relevant data and can't play with the whole dataset. Another limitation also was, the dataset doesn't include any time component. Which immediately threw out a lot of things I wanted to explore. When I started looking out if there is another publicly available dataset, I found one at Kaggle. And then quite a few more at Kaggle. But none of them seemed official, and then I found one released by NYC - TLC which looked pretty official and I was hooked.
To explore the data I wanted to try out OmniSci. I recently saw a video of a talk at jupytercon by Randy Zwitch where he goes through a demo of exploring an NYC Cab dataset using OmniSci. A…