Many Indian websites remain sitting ducks

Even as the exchange of fire between Indian and Pakistani
troops sparked a new round of cyber war with many
websites of both nations getting defaced, experts have
emphasised the need for strengthening the cyber security
infrastructure in the country.
Often, several Indian websites, including the ones
belonging to crucial government agencies, educational
institutions, judiciary, financial institutions etc., suddenly
become inaccessible. They either bear a message saying
they are under maintenance or have their homepage
defaced. It is likely that they have become targets of a
cyber attack.
Member of the Global Cyber Security Response Team Mirza
Faizan told The Hindu that several Indian websites would
remain vulnerable to cyber attacks until measures were
initiated to plug loopholes.
The vulnerability of these sites stems from the fact they
don’t have proper security checks. Government websites,
most of which are hosted by the National Informatics
Centre, also need to obtain a security certificate from the
government-empanelled auditors. The audit of government
websites was getting delayed as the short-staffed NIC had
to outsource the work, Mr. Faizan added.
Confidential data could be compromised if hackers get to
government websites. After identifying a website, hackers
find “open ports, locate rogue wireless access points,
fingerprint an operating system and scan the network with a
variety of active and passive tools. Firewalls can be
bypassed, intrusion detection systems evaded and
passwords cracked to gain access and exploit the
vulnerabilities..,” said Mr. Faizan.
Hackers have now become emboldened to publicize on
social media their activities, by giving the addresses of the
sites they have broken into. Mr. Mirza said recently a
person from Pakistan had posted on Facebook the details
of the websites hacked. If a strong cyber security
infrastructure was in place, hackers could be brought to
book by tracing the IP address from which it had been
posted.
Easy preys
Commonly used passwords make hackers’ job easy. After
a study of the log-in credentials of about one million
hacked accounts, Bangalore-based Global Cyber Security
Response Team listed some of the most common ones. For
as many as 1,666 users or 0.38 per cent it was ‘123456’.
Another 780 (0.18 per cent) users had ‘password’ itself as
the password. The other eight commonly used passwords
are welcome, ninja, abc123, 123456789, 12345678,
goodmorning, admin, and qwerty.