Cyber security firms collect information from all web platforms, including Dark Web forums, to prevent real-time attacks on leaked data, actionable intelligence on illegal drug and medication trades and insider-threat monitoring.(Shutterstock)

Cyber security brass steps in as experts flag delay in fixing lapses

By Binayak Dasgupta, Sunetra Choudhury, Hindustan Times, New Delhi
PUBLISHED ON FEB 22, 2021 03:07 AM IST

India’s top cybersecurity officials stepped in as a group of researchers said agencies were slow in fixing a slew of critical vulnerabilities pointed out over two weeks ago, which has potentially created a situation where attackers could access sensitive information and carry out more disruptive operations against government servers.

Issues were found in dozens of government-run web services, more than half of which belonged to different state governments. Several of them had multiple issues, including exposed credentials that would allow someone unauthorised access, leaks of sensitive files and the existence of known bugs which, if exploited, could lead to deeper access, the researchers told HT.

“Remedial actions have been taken by NCIIPC (National Critical Information Infrastructure Protection Centre) and Cert-IN (Indian Computer Emergency Response Team)… NCIIPC handles only the Critical Information Infrastructure issues. In this case the balance pertained to other states and departments that were immediately informed by Cert-IN. It is likely that some action may be pending by users at state levels which we are checking,” National Cyber Security Coordinator (NCSC) Lt Gen Rajesh Pant told HT on Sunday.

The official's remark came as members of his team opened communications with the researchers who found the vulnerabilities, according to a person aware of the development who asked not to be named. The researchers, part of a collective that calls itself Sakura Samurai, said they reached out to the NCIIPC in the first few days of February but most of the issues they flagged were unresolved for over two weeks.

“You need to fix this. I’ve went through our report and not even 1/8 of these Critical Vulnerabilities are fixed, weeks later. Do the Indian Citizens know that they are exposed? They have the right to be protected. This isn’t fluff. Fixing this is Critical,” said Sakura Samurai’s John Jackson, in a series of tweets addressed to NCIIPC on February 19.

Late on Saturday, Jackson published a blog with an overview of the vulnerabilities that, without citing specifics, mentioned the discovery of 35 instances of credential pairs, 3 instances of sensitive files, over 13,000 instances of personally identifiable information and dozens of police FIRs.

Additionally, they discovered multiple vulnerabilities that could be chained to potentially compromise extremely sensitive government systems.

In the blog, Jackson said they tested gov.in systems for vulnerabilities as part of the NCIIPC’s Responsible Vulnerability Disclosure Program (RVDP), a practice followed the world over in which companies and countries allow developers, researchers and security professionals to report issues that could pose a risk to information security.

On Sunday, after backchannel lines were opened to the NCSC, the official’s team escalated the incident to the respective agencies, according to a person aware of developments who asked not to be identified. Cert-IN did not respond to HT’s requests for comment.

Experts said the incident highlights the need to improve coordination on such issues.

“Vulnerability management is a complex science. No government gets it right. Transparency in disclosure and swiftness of response become crucial then. The ‘coordination’ part of the National Cyber Coordination Centre needs a major reboot,” said Pukhraj Singh, a cyber threats analyst, while suggesting that manual notification and assessment protocols be automated.

“We need not wait for a catastrophe like the SolarWinds attack to make us realise how our cyber vulnerabilities could set back our national security by decades,” he added.

Concerns about response times were also flagged by an Indian researcher, who found a trove of data relating to Covid-19 test results of people in a particular state.

The issue “is resulting in the leakage of lakhs of Covid test reports. These include sensitive information like name, age, residence address, exact date of sample testing, etc,” said Sourajeet Majumder. Majumder flagged the issue to Cert-IN on February 10 but the issue was yet to be fixed. HT is not identifying the state in order to minimise the risk of the information being targeted.
