Advertisement

HindustanTimes Thu,18 Sep 2014

‘Hi-tech policing system easy prey for hackers’

Rajesh Kumar Singh, Hindustan Times  Lucknow, July 30, 2013
First Published: 11:47 IST(30/7/2013) | Last Updated: 11:50 IST(30/7/2013)

The state police have found that the union home ministry’s flagship project — the Crime and Criminal Tracking Network and Systems (CCTNS) — is vulnerable to hackers who can enter into the system with ease and play havoc with data and information stored on the website.

Advertisement

The state police stumbled upon this fact about the Rs. 2000-crore CCTNS during a security audit.

The Crime and Criminal Tracking Network and Systems aims at creating a nationwide network for investigation of crime and detection of criminals

Though the state government alerted the union home ministry about a month ago and asked it to make the system secure, the latter has taken no step to correct the flaw.

Talking to HT, a home department officer said while implementing the system, the police officers found that the Microsoft internet information service of the CCTNS allows local users to gain access via unknown vectors, related file change notifications in the TP root, the NNTP file root or WWW root folder.

The vulnerability analysis and penetration testing showed there was total information disclosure resulting in compromise of the system’s integrity.

The officer said the software had several shortcomings.

The website of the CCTNS suffered from directory listing vulnerability where all the files were openly listed and accessible to the public, he explained.

Some pages of the website were affected by the shell injection and SQL injection vulnerabilities, resulting in direct access to the backend database.

The attacker could render the resource completely unavailable, he added.

Prescribing a solution, the officer said all that the home ministry officers were required to do was to upgrade the servers to the latest Window server edition 2012 and the IIS 8 for eliminating server related vulnerability.

The officer favoured use of an intrusion prevention system for the security of the server, disabling the directory-browsing feature and setting up of a secure flag on the application.


Advertisement
more from Lucknow

Lucknow rape victim's kids join dharna for CBI probe

Children of a 35-year-old widow, who was found brutally murdered in the Mohanlalganj area, on Friday joined a dharna that her family has been holding at Lucknow's GPO Crossing for the past three days to demand a CBI probe in the case.
Advertisement
Most Popular
Advertisement
Advertisement
Copyright © 2014 HT Media Limited. All Rights Reserved