On Monday, the Hackers attempted to break into the websites of AP (Andhra Pradesh) government. According to Ponnala Lakshmaiah, the Information Technology and Communications Minister, “Hackers from Jakarta (Indonesia), Algeria and Turkey made repeated attempts to break into the Government websites at different times in the forenoon today but they were not successful.”
These attempts to break into the websites of AP government were made as security audit was being conducted at the State Data Centre. These websites are being maintained by Wipro. It was reported that last week, Hackers broke into 27 websites of AP government. These websites included the Budget portal of AP government. The hackers simply added additional pages to these websites without altering any changes to the home pages.
CERT-In (Indian Computer Emergency Response Team) was alerted as soon as the incident was found out by Government officials. CERT-In was ordered to access logs and screen shots for analysis. The analysis done by CERT-In found that the website christianminorities.ap.gov.in was the real cause behind all the security breaking. There was vulnerability in the website that led to breaking of all other websites.
It was originally estimated that the hackers could be from Myanmar or Bangladesh but no link could be found till date. According to the minister, “Accordingly, Cyber Security Works was engaged for application security audit and the applications certified after audit will be tested by Wipro ethical hacking team before hosting. Applications having vulnerabilities are required for rectification by the developers of the respective departments.”
As of now, ten sites were restored while the audit on 12 websites was still in progress. The website christianminorities.ap.gov.in that was found to be the root cause of all these mishap would further be examined.
These type of incidents simply show how secure are the websites that are live on the internet. Even the government websites are not fully secured, leave apart the question of other websites. In this age of connectivity and networking, measures of highest level should be taken for the security of websites and other IT infrastructure especially by the government.