18 April 2023

Centre issues alert as hacker group targets 12,000 Indian govt websites


Anwesha Mitra

A group called ‘Hactivist Indonesia’ has declared that they will target a list of 12,000 Indian government websites in the coming days.

A hacking group on Thursday announced plans to attack thousands Indian government websites in the near future. According to an alert shared by the Home Ministry, ‘Hacktivist Indonesia’ has circulated a list of 12,000 websites which they want to target. The group has previously been linked to cyber attacks in Sweden, Israel and the US.

The communique however asserted that Indian government websites were "updated" and "capable" of handling such threats and narratives. The alert was circulated by the MHA's Indian Cybercrime Coordination Centre (I4C) on the basis of inputs received by its Cyber Threat Intelligence wing following its open-source intelligence.

According to a Moneycontrol report, the list includes thousands of government such - including Aadhaar, departments of police, space, and Income Tax and even consulate websites.

While authorities noted that the ill elements could be operating within or outside the country, the location or origin of 'Hacktivist Indonesia' remains unknown.

"A group named 'Hacktivist Indonesia' has been targetting India, and it has created a narrative that it will attack 12,0000 Indian government websites that include Central and those linked to States. It is, however, not necessary that the group belongs to Indonesia," said sources citing by news agency ANI.

The group incidentally runs a Telegram channel where posts about their purported exploits are uploaded. If the 'Hacktivists' are to be believed, they have previously leaded data of Swedish social media users, health and social media data from Israel and even information from a New York Police department.

being spread by ill elements possibly operating within or outside the country

A group named "Hactivist Indonesia" has claimed to have issued a list of 12,000 Indian government websites, including Central and States, which it may attack in the coming days, an alert circulated by the Ministry of Home Affairs' Indian Cybercrime Coordination Centre (I4C) points.

However, Indian government websites are "updated" and "capable" to handle such threats and narratives being spread by ill elements possibly operating within or outside the country, the alert has been circulated to all agencies, Central and State government wings.

Issued on Thursday, the alert was circulated by the I4C based on the inputs received by its Cyber Threat Intelligence wing following its open-source intelligence. The narrative was detected by the Cyber Threat Intelligence wing of I4C about the 'Hacktivist Indonesia' group which has been involved in an illegal operation to hack Indian websites as well as those in some foreign countries too.

The input was first shared with the Indian Computer Emergency Response Team (Cert.In), a nodal agency under the Ministry of Electronics and Information Technology, who had requested to share the information with the nodal cyber-crime units in the States about the "potential threat".

"The 'Hacktivist Indonesia' has been attacking not only Indian websites but also the websites of other countries. They have circulated a list of 12,000 Indian government websites which they want to target. I4C unit through its open source intelligence alerted the Cert.In about such ongoing activities, suggesting to be aware."

As per cyber experts in MHA, "this narrative has been going on since last year".

"Such hackers attack government websites and try to slow down these websites using different means. However, government websites are updated. This is not a new thing. Last year too, similar attempts were made by such hackers to attack several websites in Gujarat. The hackers try to send heavy internet traffic to slow down the websites so that users get affected and they could not access or connected online services and sites," said the experts.

"The hackers used to check government websites through Distributed Denial-of-Service (DDoS) attack which is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites."

If a person or organisation faces any cyber-attack, the matter can be reported on the cybercrime.gov.in website, they said, adding "a focussed work is being done with the help of I4C to curb such cyber menace in the Central agencies".

Considering the threat perspective, the Central government has already informed the states through cyber-crime and cyber security how to protect their websites, a senior MHA official told ANI requesting anonymity, and informed that "there is also a GIGW guideline which helps in keeping control on such illegal activities of the hackers".

Making government websites more secure from cyber-attacks, National Informatics Centre (NIC) formulated the Guidelines for Indian Government Websites (GIGW) in 2009 which aims to ensure the quality and accessibility of government guidelines, by offering guidance on desirable practices covering the entire lifecycle of websites, web portals and web applications, right from conceptualisation and design to their development, maintenance and management.

The second version of the GIGW was developed in 2019. The third version of GIGW (GIGW 3.0) has also been introduced. The key thrust of GIGW 3.0 is on offering specific guidance to government organisations on how to improve the user interface and user experience (UI and UX), by incorporating features such as intuitive page loading (using AI and analytics) based on the user journey and user profile, using state-of-the-art content management system (CMS), user-centric information architecture (IA), centralised monitoring dashboard to identify and provide alerts on non-conformity and technical enablement of all content creators and publishers.

GIGW 3.0 also significantly enhances the guidance on the accessibility and usability of mobile apps, especially by offering specific guidance to government organisations on how to leverage public digital infrastructure devised for whole-of-government delivery of services, benefits and information. These cover aspects such as API level integration for use of integration with social media, India Portal, DigiLocker, Aadhaar-based identity, single sign-on, data sharing in open formats on the government's data platform, government's scheme discovery platform, government's citizen engagement platform MyGov, AI-based Indian language translation tools, seamless content/data access across web-based solutions of government organisations. GIGW 3.0 offers upgraded guidelines on the accessibility of websites and apps, with a view to making access to cyberspace more inclusive.

It also guides on the prevention of leakage of sensitive information like passwords, email addresses and credit card details, which cause both personal embarrassment and financial risks. It deals with all aspects of security starting from design, coding and implementation to testing and deployment, which prevent malfunctioning, phishing, cyber-crimes or cyberattacks to avoid data loss of the organisations or users. (ANI)

No comments: