Skip to main content

Story of a Drupal theme mis-configuration, Hacking and Ministry of Defense India

If you have been following news or were online for past couple of hours you might have noticed this news making a tweet-storm and appearing all over your timeline regarding how India's Ministry of Defense website got hacked (allegedly by 'Chinese' origin).

Almost all the big media outlets covered it. Including

An example of the coverage


Fueled by our own famous ministers chiming in with their own ideas


It all seemed for the fact that the homepage of the websites showed this image with a Chinese character
And though most of india's government portals and websites aren't really what we call secure (I'll cite the references later), hilariously this time it really was not a hack!

I got tired of explaining everyone in social media again and again what went wrong hence this blogpost.

It really was just a mis-configured Drupal theme :)

You see, most of the websites by NIC for government portals are made using a CMS called Drupal. Which is not a bad thing itself, White House's website is made in Drupal. But the hilarious thing is they were using a theme called Zen (https://www.drupal.org/project/zen) and though they customized the theme to suit the respective government portals, they did not customize the maintenance page!

Any idea what is Zen Theme's logo?

Now see the character on that screenshot and in the logo? 

And now the most awesome part is, that character is not even Chinese. It's Japanese (Kanji to be precise 禅). After reading all this if you are in need of some Zen, I won't blame you. Head over to: https://en.wikipedia.org/wiki/Zen

Still don't believe me? Then look at the source code.
The Zen theme logo is located at : https://github.com/JohnAlbin/now/blob/master/www/sites/all/themes/zen/logo.png

And it is referenced at Line 46 of the maintenance template file.

And that logo.png file is this one 

So in short, those claims about hack are not true!




Next time, please don't believe everything you read in the internet? Specially if it's coming from our renowned ministers....



Attribution:
The last two screenshots  and the first list of links of news portals are taken from Tanay's blog (linked). Here is my due attribution along with one for newsmobile.in from whom I took the first image with "hacked" logo :)
PS: while looking for his blog I just found out a list of websites which use Drupal in Indian Govt. work by Tanay here: https://groups.drupal.org/node/248708 so any of them using zen theme should have displayed that logo today (unless someone customized it)

Comments

Popular posts from this blog

HackRice 7.5: How "uFilter" was born

I have a thing for Hackathon. I am a procrastinator. A lazy and procrastinator graduate student, not a nice combination to have. But still when I see hundreds of sharp minds in a room scrabbling over idea, hungry to build and prototype their idea. Bring it to life, it finally pushes me to activity, makes me productive.  That is why I love Hackathon, that is why I love HackRice, our resident Hackathon of Rice University.

TL;DR: if you just want to try the extension, chrome version is here and Firefox version is here.
I have been participating at HackRice since 2014, when I think for the first time it was open for non-rice students, and have been participating ever since. What a roller coaster ride it has been, but that is a story for another day. HackRice 7.5 being the last one I will be able to attend at Rice, it was somewhat special and emotional for me.
HackRice 7.5 was a tad different form the other iterations. For starters it was the first time it was being held in Spring semester…

LinuxCon China 2017: Trip Report

Linux Foundation held a combination of three events in China as part of their foray into Asia early this year. It was a big move for them since this was supposed to be the first time Linux Foundation would hold an event in Asia. I was invited to present a talk on Hardening IoT endpoints. The event was held in Beijing, and since I have never been to Beijing before I was pretty excited for the talk. However, it turned out the journey is pretty long and expensive. Much more than a student like me can hope to bear. Normally I represent Mozilla in such situations, but the topic of the talk was too much into security and not aligned much with the goals of Mozilla at that moment. Fortunately, Linux Foundation gave me a Scholarship to come and speak at LinuxCon China which enabled me to attend LinuxCon and the awesome team at Mozilla TechSpeakers including Michael Ellis and Havi helped me get ready for the talk.

The event was held at China National Convention Center. It's a beautiful and …