State told to conduct security audit of websites

Arjun Raghunath
The New Indian Express
14 Mar 2011

THIRUVANANTHAPURAM: Concerned over the increasing attacks on Kerala’s cyber space, even from the Pak Cyber Army (PCA), the Union Ministry of Communications and Information Technology has directed the State Government to conduct a security audit of websites of government departments and organisations.

The Computer Emergency Response Team-Kerala (CERT-K) has been entrusted with the responsibility of conducting the security audit of government websites by engaging audit agencies and take corrective measures in accordance with the guidelines prescribed by the Indian Computer Emergency Response Team (CERT-In).

The State IT Department has also directed CERT-K to conduct awareness programmes for all heads of government departments.

“There are more than 250 websites of various departments and organisations under the State Government, and most of these sites are vulnerable to hacking owing to weak security features. Over the past couple of years more that 100 websites of the State Government departments and organisations were hacked. The source of many of these cyber attacks was traced to Pakistan, especially the Pak Cyber Army,” said CERT-K director Mahesh I C.

Pak Cyber Army is a group of Pakistani hackers who caught attention by hacking more than 200 Indian websites, including that of the Central Bureau of Investigation, in December 2010, and posting pro-Pakistan and anti-Indian contents.

During the 2011 New Year eve, the cyber experts in the country were on a high alert following a threat from PCA to hack various Indian websites, including those of Kerala Government.

Union IT Secretary S K Sharma has directed the State Government to conduct a security audit of all the websites of the government departments and organisations.

The IT Ministry also directed that all the government websites should be hosted only on servers of government agencies such as the National Informatics Centre to ensure security.

“We have informed all the department heads about the Central alert and the need to initiate corrective measures,” said IT Secretary K Suresh Kumar.

CERT-K, which was formed on the lines of CERT-In an year ago, has already corrected defacement of over 100 government websites including that of NORKA-Roots, Arogyakeralam, Directorate of Technical Education and Cochin Port Trust.

The Government is also looking into the scope of granting legal powers to CERT-Kerala so that they could even probe into the overseas links of the hackers, said Suresh Kumar.

According to Mahesh, the most frequent type of cyber attack on state government websites was SQL injection where the administrative username and password of a website is hacked and malicious contents posted on the site.

“Weak security features are found to be the major factor that facilitates hacking. CERT-K is giving proper directions and training to the government officials on cyber security,” Mahesh said.

CERT-K is also developing a Defacement Tracking Software that would function as a watchdog against hacking of government websites round the clock, Mahesh said.