Date:

Dec 2016

Location:

India

Summary

The Indian Institute of Technology Kharagpur experienced a data breach when hacker Cryptolulz666 exploited an SQL injection vulnerability in its website, compromising over 12,000 user records containing emails, passwords, phone numbers, and security questions. The attacker leaked a limited subset of the data on Pastebin as proof while withholding the majority to avoid potential legal repercussions for the institution. Cryptolulz666 claimed the intrusion aimed to highlight security deficiencies and prompt improved protections, emphasizing that unaddressed flaws risked exploitation by malicious actors. This incident followed the hacker's prior attacks on other entities, including a breach of a Russian embassy database and distributed denial-of-service attacks against government websites.


Description

On December 19, 2016, the Indian Institute of Technology Kharagpur (IIT Kharagpur) experienced a data breach perpetrated by the hacker known as Cryptolulz666. The intrusion occurred approximately 24 hours after a separate attack on IIT Bombay, indicating a pattern of targeting Indian academic institutions. Cryptolulz666 exploited an error-based SQL injection vulnerability in the IIT Kharagpur website (iitkgp.ac.in) to gain unauthorized access to the institution's database. The compromised database contained records for 12,555 users, including email addresses, passwords, phone numbers, and security question answers. As proof of the breach, the hacker publicly leaked a subset of the stolen records on Pastebin, though they intentionally limited the disclosure to less than a quarter of the total dataset to avoid potential legal consequences for the institution.

Cryptolulz666 explicitly stated their motivation was to highlight cybersecurity deficiencies in institutional websites, emphasizing that organizations must implement comprehensive protection measures. The hacker warned that malicious actors could exploit such vulnerabilities for harmful purposes if left unaddressed. This incident followed Cryptolulz666's prior breach of the Russian Embassy in Armenia's website and coincided with distributed denial-of-service (DDoS) attacks against Russian and Italian government websites attributed to the same actor. No information regarding IIT Kharagpur's detection methods, containment procedures, or post-incident response was disclosed in available sources. The breach exposed sensitive personal information of thousands of users, creating potential risks of credential reuse and targeted phishing campaigns against affected individuals.
