Despite Indian IT, Indian Government sites host porn; gets emails hacked; lets secrets out!!
Registering the domain name takes $5-7 a year. That’s it! The entire world outsources software development to India for low cost. If despite of that a Government of India’s Public Sector Union’s website domain expires – which of course the entire world would, ostensibly, be using to get to them – and a porn site comes up… then the safest assumption you can make is that the PSU is run by absolute MORONS and IDIOTS. Well, the assumption is a very correct one! The official site of Central Inland Waterways Transport Corporation Ltd (CIWTC) — a Kolkata-based PSU under the Ministry of Shipping, Road Transport & Highways – has been hosting a Russian porn site for last one month now!
And what does the Chairman and Managing Director of the PSU say?
“The website (www.ciwtc.com) was not really hacked but taken over by a Russian company as our domain name had expired. We learnt of some pornographic links displayed on the website and told National Informatics Centre, which blocked the links. So no damage has been done,”
Mark the last words – "no damage has been done"! Your domain EXPIRED and someone took away your official domain.. and NO DAMAGE WAS DONE!!??? If this idiot was even an analyst in an IT department of a private company he would have been thrown out much early!
Meanwhile, of course, the passwords of emails Indian ambassadors in US and China, NDA and other important Indian Government departments were hacked and put on the internet! In fact, the Indian Express even tested the hack to be true!! Such is the IT preparedness of the Indian Government!!
Taking a dig at cyber security preparedness levels, a hacker, who claims to be based in Sweden, posted online this evening the passwords of 100 email accounts of embassies and government offices across the world, including 13 Indian accounts, containing classified information and correspondence.
Top on the list of passwords that have been posted on http://derangedsecurity.com give access to email accounts of Indian Ambassadors to China, US, Sweden, Germany, Italy, Oman, Finland besides officials of the National Defence Academy (NDA) and Defence Research and Development Organisation (DRDO).
Other accounts include those of the embassies of Uzbekistan, Iran, Afghanistan, Pakistan, Japan, China, UK and Russia.
To check the authenticity, The Indian Express sent a test mail to the Indian Ambassador in China on her official email ID and, using the password posted online, was able to access it. The email account of the Indian Ambassador to China contained details of a visit by Rajya Sabha member Arjun Sengupta to Beijing earlier this month for an ILO conference. There was also a transcript of a meeting this evening which a senior Indian official had with the Chinese Foreign Minister.
Similarly, accounts of NDA and DRDO officials reveal phone numbers, commercial documents, official correspondence and personal mails. The account of the Indian embassy in Germany contains a query by two IIM (Calcutta) students about safety in the wake of recent racial abuse cases in West Germany.
While it remains unclear how the passwords were accessed by the hacker – he has posted his name on the website as Dan Egerstad from Malmo in Sweden and even gave contact details – Indian experts said that loopholes in POP (post office protocol) mail servers could have been exploited to gain access.
"A POP server that had not been updated for security could have been exploited by the hacker to get usernames and passwords," said a cyber security expert who did not wish to be named.