Skip to main content

Story of a Drupal theme mis-configuration, Hacking and Ministry of Defense India

If you have been following news or were online for past couple of hours you might have noticed this news making a tweet-storm and appearing all over your timeline regarding how India's Ministry of Defense website got hacked (allegedly by 'Chinese' origin).

Almost all the big media outlets covered it. Including

An example of the coverage


Fueled by our own famous ministers chiming in with their own ideas


It all seemed for the fact that the homepage of the websites showed this image with a Chinese character
And though most of india's government portals and websites aren't really what we call secure (I'll cite the references later), hilariously this time it really was not a hack!

I got tired of explaining everyone in social media again and again what went wrong hence this blogpost.

It really was just a mis-configured Drupal theme :)

You see, most of the websites by NIC for government portals are made using a CMS called Drupal. Which is not a bad thing itself, White House's website is made in Drupal. But the hilarious thing is they were using a theme called Zen (https://www.drupal.org/project/zen) and though they customized the theme to suit the respective government portals, they did not customize the maintenance page!

Any idea what is Zen Theme's logo?

Now see the character on that screenshot and in the logo? 

And now the most awesome part is, that character is not even Chinese. It's Japanese (Kanji to be precise ç¦…). After reading all this if you are in need of some Zen, I won't blame you. Head over to: https://en.wikipedia.org/wiki/Zen

Still don't believe me? Then look at the source code.
The Zen theme logo is located at : https://github.com/JohnAlbin/now/blob/master/www/sites/all/themes/zen/logo.png

And it is referenced at Line 46 of the maintenance template file.

And that logo.png file is this one 

So in short, those claims about hack are not true!




Next time, please don't believe everything you read in the internet? Specially if it's coming from our renowned ministers....



Attribution:
The last two screenshots  and the first list of links of news portals are taken from Tanay's blog (linked). Here is my due attribution along with one for newsmobile.in from whom I took the first image with "hacked" logo :)
PS: while looking for his blog I just found out a list of websites which use Drupal in Indian Govt. work by Tanay here: https://groups.drupal.org/node/248708 so any of them using zen theme should have displayed that logo today (unless someone customized it)

Comments

Popular posts from this blog

Curious case of Cisco AnyConnect and WSL2

One thing Covid has taught me is the importance of VPN. Also one other thing COVID has taught me while I work from home  is that your Windows Machine can be brilliant  as long as you have WSL2 configured in it. So imagine my dismay when I realized I cannot access my University resources while being inside the University provided VPN client. Both of the institutions I have affiliation with, requires me to use VPN software which messes up WSL2 configuration (which of course I realized at 1:30 AM). Don't get me wrong, I have faced this multiple times last two years (when I was stuck in India), and mostly I have been lazy and bypassed the actual problem by side-stepping with my not-so-noble  alternatives, which mostly include one of the following: Connect to a physical machine exposed to the internet and do an ssh tunnel from there (not so reliable since this is my actual box sitting at lab desk, also not secure enough) Create a poor man's socks proxy in that same box to have...

My Google I/O 2024 Adventure: A GDE's Front-Row Seat to the Gemini Era

Hey tech enthusiasts! Rabimba Karanjai here, your friendly neighborhood Google Developer Expert (GDE), back from an exhilarating whirlwind tour of Google I/O 2024. Let me tell you, this wasn't just your average tech conference – it was an AI-infused extravaganza that left me utterly mind-blown! And you know what made it even sweeter? I had front-row seats, baby! Huge shoutout to the GDE program for this incredible opportunity. Feeling grateful and a tad spoiled, I must admit. 😉 Gemini: The AI Marvel That's Stealing the Show Now, let's dive into the star of the show: Gemini . This ain't your grandpa's AI model – it's the multimodal powerhouse that's set to redefine how we interact with technology. Imagine an AI that doesn't just understand text, but images, videos, code, and even your wacky doodles. Yep, that's Gemini for you! Google's been cooking up this AI masterpiece, and boy, did they deliver! The keynote demo had us all gawk...

MovieBuff: Dive Deeper into Movies with Generative AI

MovieBuff: Dive Deeper into Movies Before You Watch MovieBuff: Dive Deeper into Movies Before You Watch Have you ever spent two hours watching a movie only to be disappointed? MovieBuff is here to help! This Streamlit application leverages the power of Google's Generative AI, specifically the Gemini-Pro model, to provide you with detailed information about movies and TV series before you invest your precious time. Motivation Choosing a movie can be overwhelming. With countless options available, it's hard to know which ones are worth watching. MovieBuff aims to solve this problem by offering a quick and easy way to explore movies based on your interests. How it Works MovieBuff is incredibly user-friendly. You can either: Enter the movie title and year: Simply type the name of the movie you're interested in, and MovieBuff will fetch relevant information like plot summaries, directors, genres, themes, main conflicts, settings, character descriptions, tr...