Cyber Incident Victim: Ministry of Defence
Date: Apr 2018
Location: India
Summary
The Indian Ministry of Defence's website was defaced with Mandarin characters, prompting speculation about Chinese involvement, though cybersecurity experts questioned this attribution as a potential false flag operation. The incident led to temporary inaccessibility and restoration efforts, while concurrent outages affecting other government sites were attributed to unrelated storage issues. This breach occurred amid a broader pattern of frequent cyberattacks targeting Indian government portals, with hundreds reported in recent years, highlighting systemic vulnerabilities and a shortage of forensic expertise to investigate such incidents effectively.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 6, 2018, the official website of India’s Ministry of Defence (MoD) was defaced, displaying an error message instructing users to "try again later" alongside Mandarin characters interpreted to mean "home." The incident was publicly acknowledged by Defence Minister Nirmala Sitharaman via Twitter, where she confirmed the hacking and stated that "appropriate action" had been initiated to restore the website. She further emphasized that steps would be taken to prevent future occurrences. The National Informatics Centre (NIC), responsible for maintaining the website under the Ministry of Electronics and Information Technology, immediately began restoration efforts. Ministry officials suggested potential Chinese involvement based on the presence of Mandarin characters, though no conclusive evidence was provided. Concurrently, websites for the Law Ministry, Home Ministry, and Labour Ministry became inaccessible, displaying similar error messages. The NIC attributed these outages to a storage problem within its network, an explanation corroborated by India’s Cyber Security chief Gulshan Rai. The MoD website’s defacement occurred amid a broader pattern of government website vulnerabilities, with over 700 central and state department sites reportedly hacked between 2013 and 2017 according to Ministry of Electronics and IT data.

Security experts questioned the theory of Chinese state involvement, with cyber law advocate Prashant Mali suggesting the Mandarin characters could be a deliberate provocation by a third party to escalate tensions between India and China. An anonymous security practitioner dismissed the attribution as "childish," arguing that state-sponsored attackers typically avoid leaving identifiable traces. The incident highlighted systemic cybersecurity challenges, including a shortage of forensic expertise to investigate such attacks, as noted by Uttar Pradesh Police Task Force cybersecurity adviser Rakshit Tandon. Historical data from CERT-In revealed persistent vulnerabilities, with 199 government websites hacked in 2016 alone. Recent breaches at Bharat Sanchar Nigam Limited, India Post, and the Indian Space Research Organization further underscored these weaknesses. French researcher Elliot Alderson had publicly exposed flaws in Indian government portals, including the Telangana government site, stating that "in India, it's another story" compared to theoretical government website security standards. Union Home Minister Rajnath Singh had repeatedly called for enhanced barriers against hackers, while practitioners emphasized the need for improved threat monitoring and techno-legal staff training to address recurring incidents.
