Are Indian Government Websites Really Easy To Hack? We Understand Why

Posted on December 6, 2010 in Specials

By Ananya Mukherjee:

The term hacking was born in the mid 60’s .It means to gain access over some other computer or several other computers without legal permit.

With the latest hacking of  the CBI website, the question arises, are Govt. website so vulnerable? One of the biggest reasons of such vulnerability is that the server technologies and the website databases are not upgraded. According to experts, a professional hacker takes about 24 hours to hack into the sites that have such vulnerability. A hacker starts off with gathering information about the server administration. He look for web applications, operating system, data base versions and the number of open ports in the targeted website. Once the vulnerabilities of the site are identified, the hacker moves into the sites after scanning the open ports.

Another problem with the websites of the government is that many of them don’t even maintain a web-log. This means that if somebody hacks into a site and accesses the protected information, and leaves without making any change, one will never be able to know it happened.

This digital war of hacking has been on since a long time and the government websites have remained a soft target. Ankit Fadia, a popular ethical hacker and now an Indian youth icon has been helping at large in preventing the hackings and recovery of website after hacking, to various organizations including Indian government. To challenge his capabilities, AIC and another Pakistani hacker group WFD defaced an Indian Government site,, and “dedicated” it to Fadia in mock deference to his capabilities to hack or prevent hacking. AIC also claimed that it would be defacing the website of the Central Board of Excise and Customs (CBEC),, within a short while and challenged Fadia to save the attack by patching the vulnerable website. AIC kept its promise and defaced the CBEC website after two days thus mocking on our prevention system. At yet another incidence, website of BHEL (, was also hacked.

Let us take up the very recent CBI website hacking case which has happened over 3 days ago. This hack is shameful, embarrassing and a definite slap in the face for India. The self-proclaimed Pakistan Cyber Army has left a message saying that this attack was a response to the “Indian Cyber Army”.

The attack seems to be a distributed denial-of-service (DDoS) attack. In a DDoS attack, a hacker (or a cracker) begins by exploiting vulnerability in one computer system and making it the DDoS master. It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple compromised systems. The multiple compromised systems might even range up to thousands. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

While it is focused on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack like the final target and also the systems controlled by the intruder. Although the owners of co-opted computers are almost unaware that their computers have been compromised, they are nevertheless likely to suffer from degradation of service and malfunction. Both owners and users of targeted sites are affected by a denial of service. DDoS attacks can also create more widespread disruption. In October 2010, for example, a massive DDoS attack took the entire country of Myanmar offline. WikiLeaks was also under a DDoS attack after revealing the US Embassy cables.

The fact is that the hacking game between India and Pakistan, India and China and India and world is going to continue. But our stand should be that we should build strong defensive strategies as it is a shame if the attack is made on the websites of our intelligence agencies!