At a time when the state government is fast embracing e-governance applications, the weak security features of government websites has become a matter of serious concern as hackers from abroad are frequently targeting them.
During August this year, a Pakistani hacker with the handle ‘rOOx’ hacked the websites of Kozhikode Rural Police and Malappuram District Police. The official Kerala government server, which hosts 17 high profile websites was also attacked between August 14 and August 18, 2013. The hackers posted a message: “Hacked by r00x, you GoT 0wn3d By rOOX, ConTacT: firstname.lastname@example.org.”
The Computer Emergency Response Team - Kerala CERT-K, an agency under Kerala State IT Mission, has found that 30 government websites were hacked this year till August, while more than 59 official sites came under attack in 2012. In all the cases, hackers were from foreign countries such as Pakistan, Egypt, Syria and Turkey.
Official stats reveal that websites of top government institutions including Police,
Department of Culture, Malabar Devaswom Board, The Kerala State Higher Education Council, Indian Systems of Medicine Department, official site of VIMUKTI-Mass Movement for Tobacco and Drugs Free Alappuzha, Department of Higher Education and Homeopathy Department were defaced.
P Balakiran, Director, CERT-K, said that the agency conducts periodic security audits of state government departments in accordance with the procedures laid down by Standardisation Testing and Quality
Certification Directorate under the Union IT Ministry to ensure cyber security.
“Most of the sites, which had undergone cyber attacks, were developed on old software platforms. We have started imparting awareness programmes to the government departments and agencies like Centre for Development of Imaging Technology and National Informatics
Centre, which maintains majority of the sites. Any illegal intrusion into the data centres which contain key data, may have serious implications,” he said.
However, the state has only little scope in taking legal action against the hackers since in many of the attacks the proxy server based in foreign countries can hardly be traced. Though the attack originates from Pakistan, Syria or Egypt, the proxy server would be in Iceland, Germany or any other country. “If we find the source of the attack, action would be taken. There are provisions in the Indian IT Act to initiate actions against hackers,” said N Vinayakumaran Nair, AC Hightech Cell, Thiruvananthapuram.