More than 700 India Government websites hacked between 2013 and 2016

On the 8th of February 2017, Lok Sabha was informed about the various central and state government websites hacking incidents in the past four years.

Of the total 707 websites, 199 were hacked in 2016; 164 in 2015; 155 in 2014 and 189 in 2013, Minister of State for Home Affairs for home Hansraj Gangaram Ahir said in a written reply to Lok Sabha.

Cyber Crimes up by more than 3 times in 5 years

Number Of Cases Registered during 2011 to 2015
Source: https://factly.in/cyber-crimes-in-india-which-state-tops-the-chart/
Cyber Crimes In States (2011 to 2015)
Cyber Crimes In States (2011 to 2015)
Number Of Websites Hacked between 2013 to 2016
Number Of Websites Hacked between 2013 to 2016

Of the 8,348 persons arrested under different provisions of law relating to cyber-crime laws, only 315 were convicted during 2014-15, the government said.

Number Of Hackers Arrested vs. convicted during 2014-2015
Number Of Hackers Arrested vs. convicted during 2014-2015

Recent cyber-attacks:

  • The website of National Security Guard (NSG), a paramilitary force comprising anti-terror crack commandos, was partially defaced and abusive messages posted on the home page by unknown hackers on January 1. The website which is hosted on National Informatics Center (NIC) Server was blocked immediately.
  • Similar cyber-attacks were reported on websites of ordnance factories as well as railways.
  • As per Trishneet Arora, CEO of TAC Security, just after Narendra Modi announced the demonetization on November 8, more than 50 hacking incidents were reported in a month’s time. TAC Security’s specially designed service — Cyber Emergency Response Team (TAC-CERT) — received hacking complaints that included
    • Seven (07) Distributed Denial of Service (DDoS) attacks
    • Twelve (12) E-mail hacks
    • Twenty-Four (24) ransomware attacks
    • Four (04) financial frauds through e-mail and
    • Six (06) website hackings across verticals such as export companies (ransomware and financial loss), pharmaceutical companies, manufactures of electrical parts, a hospital (data breach) and IT companies (DDoS attacks)

Actions from the government:

  • Per Arora, in a move to help the organizations reduce the risk of hacking:
    • Information Technology Minister Ravi Shankar Prasad has ordered a review of the entire IT infrastructure in the country
    • The government recently announced to set up the National Cyber Coordination Centre (NCCC) to provide near real-time situational awareness and rapid response to cyber-attacks. The center is expected to be operational by March 2017
    • The Ministry of Electronics and IT has also ordered review of the IT Act, 2000, and set up a crack team to respond to cyber security incidents quickly
    • TAC CERT helps organizations in quick recovery by patching the loopholes and within hours, your service will be back to normal and function smoothly
  • Supreme Court judge Madan B Lokur today said:
    • We need to think about a legislation to prevent cyber-crimes. Between 2014-15 there has been a 20.5 percent rise in cyber-crimes and we don’t see the number coming down any(time) soon
    • Cybersecurity is crucial. Government websites also get hacked and misused due to which public is often misled with wrong information. There is a need for preventive measures
    • Given the endemic delays in the justice delivery system, we need to come up with a preventive legislation to handle the offenders. We need to be one step ahead of the offenders. A legislative policy is important
  • Delhi High Court judge Sanjeev Sachdeva:
    • Cyber-bullying through smartphones is severely affecting children and in some cases even driving them to commit suicide. The virtual reality games on phones are taking them away from real world and into the digital world
  • National Crime Records Bureau (NCRB):
    • 60% crime was committed by persons under the age of 30 in 2015. A campaign to educate people about internet offences is needed. ”With the social media, lot of private information is getting transmitted. What is of concern is commercial data and there is a need to preserve it. Unless there is a method to preserve it, any person can hack it and misuse it

References:

 

How will Information Security rescue us from Rs. 500/- and 1000/- ban

Rs. 500/- & Rs. 1000/- banned since 08-November-2016 midnight
Rs. 500/- & Rs. 1000/- banned since 08-November-2016 midnight

That fateful night of November 8th 2016, 8PM all the new channels in India live telecast the Indian Prime Minister Narendra Modi’s (NaMo) speech. As usual people tuned into their televisions and radios to listen NaMo’s speech, unaware of what crucial steps the Government of India has taken for the next 50days.

Gist of NaMo’s speech was ‘Rs. 500/- and Rs. 1000/- will not be valid from the midnight of 08th November 2016‘. Soon after the speech, news spread like a wildfire and most people were out on the streets looking out for petrol bunks and even the small street vendors started receiving Rs. 500/- and Rs. 1000/- notes for a purchase of mere Rs. 50/-. There was chaos on the streets and everyone wanted to exchange their higher denominations to a lower one. Even after 5days the rush at Banks and ATMs have not reduced, people are storming at every available Banks and ATMs for cash and it has been a nightmare for all those individuals sitting with heavy cash at home.

So what is the ban on India’s highest currency goto do with Information Security? Let us read next speech from NaMo on the 13th of November 2016, around 3pm. NaMo attended the 100th Annual function of KLE University at Belgaum, India and said ‘Going forward, the use of Credit cards, Debit cards and Plastic currency will be more and there are some banks who have already started working on this proposal‘. So the day is not far enough that we will start using our Debit/Credit cards/Plastic currencies to purchase milk and even toffees for our kids.

With our Honorable Prime Minister, Sri Narendra Modi addressing the students of KLE University and the media made statement to give high prominence to the Debit/Credit cards /Plastic currencies, there comes a need for Information Security and to safeguard the Confidentiality, Integrity and Availability (CIA) of the system to all valid Indian citizens when they use their plastic currencies.

Why is CIA that important at this point? The Government of India planned it well for almost an year with all precautions to ban the existing Rs. 500/- and Rs. 1000/- denominations and it did not take even three days for the wrong guys to release the fake Rs. 2000/-. It was just three days since the new currency valued at Rs. 2000/- was released, India was shocked to learn about the circulation of duplicate Rs. 2000/- note in south Karnataka (Chikkamagaluru district). The question every Indian has is how secure are we by using the new currency?

Also, during September and October 2016, Indian Banks started investigating on the complaints received from their respective Customers related to the excess amount debited from their accounts after a valid transaction at ATMs. The investigations revealed that their Customer cards were swiped outside India, and the banks started informing their Customers with several precautionary measures while withdrawing their amount from the ATMs. Even with the precautionary measures the banks have a couple of action items on their plate to complete, one of which is replacing all their Customer cards with a chip-and-pin technology. Replacing the cards of millions of Customers and providing them a safe environment to withdraw their cash is not that simple. Every bank has to have very strict security controls to stop the unintended hackers from robbing the genuine Customers. Security level at the Banking, Financial Services and Insurance (BFSI) domain needs to upgrade itself to tackle even the simplest and toughest attacks from hackers.

Its already 5days since the high value currency ban in India and the Indians have not recovered from the shock. Everyone at the Banks are working round-the-clock to assist Customers exchange their currencies, cash deposits per day has crossed the amount of one month’s cash deposits, bank staff are having sleepless nights. Let us wait and watch what are the next steps from our Government. Way to go India !!


SecureFirst Solutions Private Limited is a security centric Product-cum-Services Organization assisting its Clients
to develop and maintain security applications. Our offerings are classified broadly into two categories:
1. Product: Vulnerability Management System (VMS)
2. Services: Security as a Service (SaaS)

Download our brochure at: http://securefirstsolutions.com/downloads/SecureFirstSolutions_Brochure.pdf

Learn more about our Security Offerings at: http://securefirstsolutions.com/