India: 112 government sites hacked in 3 months
Summary: The Indian government has some serious security issues, and hackers are taking advantage. Over a hundred websites were hacked in the last three months alone; data was either deleted or stolen.
112 Indian government websites were hacked in the last three months, according to Sachin Pilot, Minister of State for Communications and IT. The hacked websites were part of government agencies belonging to Andhra Pradesh, Madhya Pradesh, Rajasthan, Tamil Nadu, Maharashtra, Gujarat, Kerala, Orissa, Uttar Pradesh, Sikkim, and Manipur. Also included were the Ministry of Finance, Health, Planning Commission, and Human Resource Development, according to India Times.
The website of state-owned telecom operator Bharat Sanchar Nigam Limited (BSNL) was attacked for the fourth time on December 4, by a Pakistani hacker group called "H4tr!ck." In fact, at least 22 websites under the Rajasthan state government were destroyed by hackers, mostly from Pakistan, in February. They deleted or stole data from the various sites of important departments including technical education, college education and finance, according to sources cited by India Times.
State government websites have very poor security practices. For example, most government websites in Rajasthan run on single server. This means if a hacker exploits a single vulnerability in any of the websites, he or she can compromise the other websites as well by taking control of the whole server. To make matters worse, when data is deleted, backups are simply uploaded back to website. Given that the sites are attacked again and again, it would appear that nothing is being done to actually fix the security issues.
This can't go on forever: India is going to have to tap some of the bright minds in IT and get its act together. After all, India is the world's second most populous country: it's simply a question of putting the right people in the right positions.
See also:
- Indian court delays Facebook, Google censorship hearing
- The current Indian law and loophole on user-generated content
- Hacker threatens to expose Anonymous members, Al Qaeda supporters
- The Consortium hacks porn site
- Iran hacks BBC Persian TV
- NASA: Hackers had 'full functional control'
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Shocker
"You just told us you wanted the ability to store the confidential information. You didn't tells us it had to be secure."
Three weeks later
"You just told us you wanted us to secure the area that got hacked. You didn't tell us to fix the others we same problem."
Three weeks later
"You just told us you wanted us to make sure no one could use that hack on our server. You didn't tell us to make sure there were no other vulnerabilities."
Very True
Another agenda
Why am I not surprised?
When President Abdul Kalam was in office he very strongly suggested standardizing on open source operating systems and software for all the government undertakings. Since there was no money to be made by deciding authority M$ won.
Even the web designing jobs are farmed out on lowest bid Tender basis. Jokers who have just completed their 3 month course get to setup these sites. Only thing they know is MS Front Page from a pirated copy of Office. These simply cannot be accessed from anything other than IE.
The whole approach - or rather non approach - to security is practically non existent. It would be worth knowing what operating systems these servers were running.
Not at all surprising