THRISSUR: Exposing the vulnerability of the banking system in the country, three ethical hackers from Kerala have gained root access to the servers of a Mumbai-based private bank and two public sector banks.
Now, the entire data in the servers of these banks are just a mouse click away for the trio.
The situation is particularly alarming as the data in the server can be compromised and they can crash the server, transfer funds or even delete the entire data.
The hackers - Hemanth Joseph, Jithin D Kurup and Saran V B - warned the security breach is a cause of concern as the results will be catastrophic if a bad hacker or a grey hat gains access to the server.
These banks are using the Apache server. The Apache server team recently issued an alert on their website about the bug, which will affect the server. They also urged the clients to fix the bug. Normally, the big corporates will fix the bug because a security breach can be disastrous. Though the alert was issued a week ago, the banks are yet to respond.
The vulnerability of the bank servers has been revealed at a time hackers across the world are looking for such sensitive data. Chances of bad hackers gaining access to the bank servers are high as the Apache team has already issued an alert on their website. A bank server can be access by a user and an admin.
But they have only limited access. A person who gains root access can get access to the entire data in the server. “Root Access to a server will give us permission to do almost everything with the server,” said Hemanth.
Hemanth is a volunteer of Cyberdome, the cyber crime wing of Kerala Police. As the ethical hackers reported the issue, the state police have alerted the banks.Manoj Abraham, head of Cyberdome, said the ethical hackers were able to access the main server of the banks through which even financial transactions were possible.
“The ethical hackers were able to access the server as the banks did not patch the bug immediately. It was alarming as the entire data of the bank will be compromised if bad hackers gain access to the server.”