Dec 28, 2010 17:08 GMT

An Indian security expert and whitehat hacker claims that as much as 90% of websites operated by the Indian government are vulnerable to various types of attacks.

Vineet Kumar is CEO of Security Brigade, a security consultancy and auditing firm, and also leads the Indian National Anti-Hacking Group (NAG), a non-profit organization made up of ethical hackers who volunteer their services to educational and government institutions.

Kumar told Rediff News that back in 2003, NAG organized a campaign to audit the security of governmental websites.

The whitehat hackers allegedly found a lot of security vulnerabilities, but the authorities failed to act on their reports or apply their recommendations.

"Today, all our warnings have come true. The Prime Minister's Office was hacked into last year and now the CBI website," Kumar pointed out.

The website of the Central Bureau of Investigation (CBI), India's premier law enforcement agency, was defaced by Pakistani hackers and has been down for the past three weeks.

According to officials, the website is undergoing a thorough security review and it will take another two weeks to bring it back online.

Meanwhile, the Indian minister of communications ordered all government departments to start auditing their websites with help from CERT-In, the Indian Computer Emergency Response Team, and submit periodic security reports to the National Informatics Center (NIC).

NIC hosts and maintains all major official websites, around 30,000, and there are plans for it to start taking care of state-level projects as well. Under these conditions, the government's security fears are well founded.

According to Kumar, an audit performed recently by Security Brigade, which is a CERT-In member, concluded that a very high percentage of the NIC-hosted websites were insecure.

"We found that about 90% of the websites are vulnerable to cyber attacks. There are no proper countermeasures in place against cyber attacks in these websites. A potential hacker can access the database, confidential content and applications hosted on the website," the security expert warned.