In India, 112 government websites hacked in three months
Experts blame poor adherence to security audit procedures
By John Ribeiro
March 15, 2012 — IDG News Service — A total of 112 government websites in India were hacked from December to February, a federal minister said Wednesday, reflecting India's continuing problem with online security.
Among the websites that were hacked was that of the state-owned telecommunications service provider, Bharat Sanchar Nigam.
A large number of government websites are attacked every quarter as site managers not do thorough regular audits of their systems as required of them, said a source close to the situation who asked not to be named. "This reflects a slipshod approach to security, rather than great expertise of the hackers," said another source.
In addition to federal government websites, such as that of the country's Planning Commission, a large number of state government websites were also hacked during the period, Minister of State for Communications and Information Technology, Sachin Pilot, told Parliament, according to India's Press Information Bureau. Pilot did not provide data for hacks of government sites in earlier quarters.
India has border disputes with China and Pakistan, which have spilled online in the form of cross-border hacks. The website of the country's high-profile Central Bureau of Investigation was hacked in late 2010 by a group calling itself the "Pakistani Cyber Army."
Private companies have also been hacked, including Microsoft India's online store. The site was attacked recently by Chinese hackers who said they wanted the company's attention, but may have also compromised customers' financial information. The website was hosted by a third-party service provider.
According to the government-run Indian Computer Emergency Response Team, 1425 Indian websites were defaced during January.
Pilot also disclosed that the number of Internet frauds recorded by the Reserve Bank of India has declined to 125 cases in 2011 from 269 cases in 2009. These involved frauds of about US$2,000 and above. If frauds involving smaller sums are considered, the number of frauds in 2011 were 1,798, down from 2,232 cases in the previous year.
RBI has taken a number of measures including advising credit card companies to set up internal control systems to combat frauds and to take proactive fraud control and enforcement measures, Pilot said. Credit card companies for example had to increase the levels of authentication required by online customers.