India: 112 government sites hacked in 3 months

India: 112 government sites hacked in 3 months

Summary: The Indian government has some serious security issues, and hackers are taking advantage. Over a hundred websites were hacked in the last three months alone; data was either deleted or stolen.

SHARE:

112 Indian government websites were hacked in the last three months, according to Sachin Pilot, Minister of State for Communications and IT. The hacked websites were part of government agencies belonging to Andhra Pradesh, Madhya Pradesh, Rajasthan, Tamil Nadu, Maharashtra, Gujarat, Kerala, Orissa, Uttar Pradesh, Sikkim, and Manipur. Also included were the Ministry of Finance, Health, Planning Commission, and Human Resource Development, according to India Times.

The website of state-owned telecom operator Bharat Sanchar Nigam Limited (BSNL) was attacked for the fourth time on December 4, by a Pakistani hacker group called "H4tr!ck." In fact, at least 22 websites under the Rajasthan state government were destroyed by hackers, mostly from Pakistan, in February. They deleted or stole data from the various sites of important departments including technical education, college education and finance, according to sources cited by India Times.

State government websites have very poor security practices. For example, most government websites in Rajasthan run on single server. This means if a hacker exploits a single vulnerability in any of the websites, he or she can compromise the other websites as well by taking control of the whole server. To make matters worse, when data is deleted, backups are simply uploaded back to website. Given that the sites are attacked again and again, it would appear that nothing is being done to actually fix the security issues.

This can't go on forever: India is going to have to tap some of the bright minds in IT and get its act together. After all, India is the world's second most populous country: it's simply a question of putting the right people in the right positions.

See also:

Topics: Software Development, Browser, Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Shocker

    Per Indian programmer:

    "You just told us you wanted the ability to store the confidential information. You didn't tells us it had to be secure."

    Three weeks later

    "You just told us you wanted us to secure the area that got hacked. You didn't tell us to fix the others we same problem."

    Three weeks later

    "You just told us you wanted us to make sure no one could use that hack on our server. You didn't tell us to make sure there were no other vulnerabilities."
    B.A.
    • Very True

      Lol ... in other words ... "The requirements were not clear !!"
      Rex2180
  • Another agenda

    While the accounts of these breaches may be true, another underlying reason is that these are used as justifications to tighten up the government's oversight into e-communications. If the rumours are to be believed, the Indian government is in the process of setting up "black boxes" - quite like what the USG's NSA has at AT&T and possibly other centers) to monitor (intrusively) ALL forms of e-communications engaged in India. Mr. Sachin Pilot is said to be a part of the cabal that is planning this.
    crystalsoldier
  • Why am I not surprised?

    I wonder if anyone has ever tried to access any Indian govt. / semi govt. sites. t is sort of a nightmare.

    When President Abdul Kalam was in office he very strongly suggested standardizing on open source operating systems and software for all the government undertakings. Since there was no money to be made by deciding authority M$ won.

    Even the web designing jobs are farmed out on lowest bid Tender basis. Jokers who have just completed their 3 month course get to setup these sites. Only thing they know is MS Front Page from a pirated copy of Office. These simply cannot be accessed from anything other than IE.

    The whole approach - or rather non approach - to security is practically non existent. It would be worth knowing what operating systems these servers were running.
    pmshah@...
  • Not at all surprising

    Having watched IRT Himalayas and spoken to people who've actually worked in India, they're about 30 yrs. behind the times. Bailing wire and rubber bands comes to mind.
    spin498