A hacker has claimed to have successfully hacked the Russian VISA centre in the United States. The apparently teenage hacker says in a range of tweets that he has successfully carried out an SQLi attack against the database of the website, thus exposing personal data of millions of individuals who have applied for Russian Visas in the recent past.
The hacker, who uses the name, Kaputskiy on Twitter, has told the IBTimes that he carried out the attack as a way of showing the Russian authorities that the website was vulnerable.
While pointing out that he had noticed glaring errors in the coding language used for the website back in 2014, the hacker said that he had been contacting the administrator of the website for a long time.
‘I have been asking them to fix these errors as quickly as possible, but they have been ignoring my emails,’ he said.
While acknowledging that the Visa centre has lost data to a hacker, John Shoreman who is the attorney for the centre said that it is highly likely that the data that has been lost was got from the calendar of the centre and not necessarily from the website.
Quoting security agencies, Shoreman said, ‘it is highly likely that the names and addresses that the hacker accessed are from the calendar that the centre shares with the consulate.’
The calendar that the attorney was referring to contains a list of appointments that the Russian consulate in America shares with Invista Logistics Services, a company, to streamline the operations of the two agencies. Invista Logistics Company is contracted by the consulate to manage its operations in New York.
But experts have pointed out that SQL vulnerability is one of the most common vulnerabilities of systems in the world. Acunetix, an application that provides accurate and timely information about web securities, points out that many websites in the world can be successfully breached using an SQLi attack.
Interestingly, Kaputskiy says that he has been hacking for a couple of years now. He also says that it is possible for anyone to successfully attack the Russian Visa Centre website, given its glaring mistakes in the coding language.
It appears that the hack has exposed thousands of US citizens who have applied for Russian Visas. Although the hacker has said that he is not willing to leak the data to the public, observers will be keen to watch how the Russian Visa Centre and Invista Logistics Services work to fix the errors and minimise the damage.