India gets affected by bomb blasts almost every month. Hundreds of innocent people die for no reason. While it is difficult to stop all such attacks, it is fairly possible to prevent such attacks by improvising and using the existing resources effectively.

Let's look at some of the problems we face:

1. ATS: Wrong focus?

While it's common knowledge that terrorists use the Internet for communication, and target Indian websites to highlight their cause, the Anti-Terrorist Squad seems to focus more on tapping mobiles, intercepting GSM networks and voice-privacy solutions. The reality is, even though these do help, they are ineffective means of tracking terrorists. Talk about Internet / Web security or Digital Forensics, and they give you an odd look. Techies are still insignificant people in front of their "real" world of guns and bullets. Besides, we always have the Cyber Crime Cell in Mumbai to put the blame on.

2. Cyber Crime Cell, Mumbai: Cyber What?

I don't mean to be rude, but it's practically a glorified department. Even tracing an email is a challenge. But more than the technical incompetency, the larger issue is attitude. A few intelligent people who know a few technical things prefer to keep mum. Their reason: why open your mouth and invite more work? The complex unsaid ego and divide between "senior" and "junior" officers ensure that sensible work or process never gets implemented.

3. NTRO: Making the right moves

NTRO is one organization I personally respect a lot. They have made decent efforts to bridge the gap between various agencies over time. With a strong technical team, I feel they are quite equipped to handle Cyber Crime related issues. But again, they are not directly involved in or responsible for tackling it.

4. CERT India: A big joke

I don't know why we have CERT India. What is its role? Let's see what they say about it:

"CERT-In will then analyse the information provided by the reporting authority and identify the existence of an incident. In case it is found that an incident has occurred, a tracking number will be assigned to the incident. Accordingly, the report will be acknowledged and the reporting authority will be informed of the assigned tracking number. CERT-In will designate a team as needed." ... and Blah Blah Blah.

Here's the truth. CERT does not have any system for Incident Reporting. Even if you report an incident, they won't respond back to you. In August 2006, we reported close to 40+ Government related websites (including the President's) that were vulnerable to hacking. We gave exact links, documented proof, videos (yes, even recorded videos!) and screenshots. This report was also sent to major news channels. What happened? Nothing! With anguish, we could only watch our Indian websites being hacked over time.

NIC: Helping Hackers?

Almost all government related websites are developed and maintained by NIC. And almost every website has a host of vulnerabilities that a defacer can take advantage of. I wonder why NIC does not have decent security training with all that money from the Government? With e-governance on the rise, it will be dangerous if the Indian Government does not take a serious look at the lack of Information Security awareness.

So what can be done?

I think the Government must move fast towards gearing for Cyber warfare. This is where the real battle lies. With the vast confusing mesh of departments, it's best for the Government to seek some professional advice. Here are some suggestions:

1. Acknowledge Hackers and work WITH them. Encourage Open Disclosure.
2. Support Indian Hacker groups and community.
3. Facilitate Cyber Crime awareness in Academics. Utilize local youths as volunteers for solving cyber crime cases.
4. Make it mandatory for all lawyers to upgrade their technical skills and awareness of Cyber Crime.
5. Consult the corporate before drafting or making further amendments in the IT Act Law.
6. Understand the importance of Training and impart the same to the right people. And not expect it to be delivered free by some company.
7. Establish cooperation between different agencies for faster resolution of problems.

Open Disclosure - Hacked Websites (Not in NEWS yet)

Here is a small list of websites that were hacked / compromised by the team and notified to the Cyber Crime Cell / Government, but nothing has been done to rectify it:

Working example of a Vulnerable website:

Maharashtra State Police Website

Others:

Passport Office Chandigarh
Tata Memorial Hospital
Ministry of Information and Broadcasting
Dept. Of Education - Govt. of Rajasthan
Official website for Eastern Railway
BSNL - Dotsoft Development Center
Ministry of Defence
Prime Minister of India - PMOs Office
Directorate of Public Grievances
Central Information Commission - CIC
Central Vigilance Commission - CVC
Election Commission of India
Directorate of Technical Education Maharashtra
Mumbai Police
The Singareni Collieries Company Ltd
State Information Commission - Himachal Pradesh
NIC - Project Progress Monitoring System
Public Health Engineering Department
Tea Board of India

This is only a partial list of vulnerable sites. Feel free to reach us for further information (concerned webmasters can contact us for free resolution / technical support of the issues).