Ministry of Defence sites in Drupal hacked by Chinese... OKAY THAT WAS FUNNY!

Ministry of Defence sites in Drupal hacked by Chinese

On Friday 7 April 2018, I saw news spreading out on all media sources that India's defense ministry, home, law and labor ministries sites crashed. Some News sources were telling that it's been hacked by the Chinese hackers.

All this started when with the tweet from Defence Minister Nirmala Sitharam saying

"Action is initiated after the hacking of MoD website ( http://mod.nic.in ). The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken. @DefenceMinIndia @PIB_India @PIBHindi"

Tweet by Nirmala Sitharaman (Minister of Defence)

 

When all the media houses looked into the MoD site, this is what it looked like.

Ministry of defence hacked site

Oh shit! Chinese logo! This might have been the reaction of everyone. And maybe because of the "hacked" word in above tweet, everyone thought hack was done by the Chinese hackers. This new spread like fire across digital media and everyone wanted to have a piece of this so they just connected sites going down with Chinese hackers.

If you are a Drupal developer you might have understood after looking at the above screenshot of the site why the title of this blog says "OKAY THAT WAS FUNNY". But jokes apart it's really frustrating as well how our media doesn't research anything and starts putting their personal views which are just based on their personal experiences.

For all those people who don't know Drupal that much. Drupal is a content management system (CMS) which is used by the Indian government for their digital presence on the web. Drupal is open source and one of the most secured CMS in the world unless you crew up on your part. And that's what happened from National Informatics Centre (NIC) who maintain all these sites.

The Chinese logo which showed on the site is default logo of Zen theme (https://www.drupal.org/project/zen) and the same logo you can see on the project page on drupal.org site. Here is a small screenshot of the project page for you guys.

Drupal zen theme

Only thing was people from NIC made a mistake and because of which the sites went down and started to show the default logo with the error message. The fun fact here is that some of the media houses (Zeenews) themselves use Drupal. Although after some time NIC tweeted saying that "mod.gov.in  is NOT HACKED. There is some technical issue since 2:30PM today. Drupal theme https://www.drupal.org/project/zen framework. The site displayed the default logo." 

The most frustrating part of all this drama is Drupal coming up as an insecure platform because of the negligence of the people sitting at NIC.