90% of Indian websites are vulnerable!
Independent Information Technology companies had repeatedly warned the government about the vulnerability of its websites, but their advice was not heeded.
“We at the National Anti-Hacking Group had been warning the government since 2003 that their websites were vulnerable. We hacked into the government hosted websites and later told them what we had done, just so that they could understand how easy it was. Since the government never took action on any of our recommendations, we dropped the campaign. Today, all our warnings have come true. The Prime Minister’s Office was hacked into last year and now the CBI website,” Vineet Kumar, the CEO of Security Brigade, a company empaneled with CERT-In (Indian Computer Emergency Response Team) of the Indian government, told rediff.com.
Kumar said that the hacked website could have come back up online in a couple of days.
When asked about this, a senior CBI official said, “The website will become functional within two weeks from today. We are conducting a security audit to foolproof the applications and content online so that such a thing does not happen again. Investigations are going on in full swing against the hackers of the website.”
Kumar’s company had recently conducted research assessing the security vulnerability of websites hosted by the National Informatics Center (NIC), which is the nodal agency responsible for the government’s e-governance projects.
“We found that about 90% of the websites are vulnerable to cyber attacks. There are no proper countermeasures in place against cyber attacks in these websites. A potential hacker can access the database, confidential content and applications hosted on the website,” Kumar said.
One of the major reasons for the vulnerability of NIC-hosted websites is the agency’s lack of manpower. The NIC, in addition to developing and managing applications, also outsources application development and security-audit work to major companies, since it does not have the necessary manpower to deal with such huge traffic.
“The main reason for this is lack of manpower. The NIC has just over 3,800 employees on its payroll. The amount of work in NIC’s hands is mammoth and cannot be done by the 3,800-plus employees it has. NIC’s work does not end once content and applications are designed and developed. Security, maintenance and managing the projects in its entire lifecycle is also NIC’s responsibility,” a senior official at the NIC said.
The NIC’s workload will increase as it prepares to take up state-level e-governance projects. The official said that to manage this, the agency will hire 15-20 cyber experts on a contract basis for each state.