Govt websites go offline, cybersecurity chief says it’s a glitch and not a hack
A Mandarin character in an error message on the inaccessible website of the ministry of defence, a tweet by the defence minister that hinted at a possible hacking, and the subsequent inaccessibility of at least nine other government websites, created panic on Friday about a possible mass cyber attack aimed at India by Chinese hackers, but it proved to be a false alarm.
National cyber security chief Gulshan Rai said the 10 websites hosted by the National Informatics Centre (NIC) went down after a hardware failure.
The initial reaction of the defence minister, as well as the spokespersons of some of the other ministries (who did not know why their websites were down) was that there had been a cyber attack.
“There is no hacking or coordinated cyber attack on website of central ministries. There was a hardware failure in the storage network system at the NIC which resulted in a number of government websites being serviced by that system going down. We are working to replace the hardware and these websites will be up soon,” said Rai.
Rai is the top cyber security official in the Prime Minister’s Office.
He said in all 10 government websites went down and few of them including that of the Central Vigilance Commission (CVC) and civil aviation ministry had been restored.
These 10 websites were those of the Central Bureau of Investigation, the CVC, the e-gazette, and the ministries of law, civil aviation, defence, home affairs, labour, water resources and science & technology.
The rapid inaccessibility of the government websites was reminiscent of a textbook distributed denial of service or DDOS attack where users can’t access a website because bots load it with traffic and queries. The Mandarin character complicated matters further, but it turned out that it stands for Zen, after a design theme offered by Drupal, an open-source content management system for websites. The fact that the websites went down on account of a hardware failure is still worrying, say experts, as is the fact that they didn’t seem to have a back-up.
“Every organisation, especially critical ones should have a strong patch management process to closely track and patch any vulnerabilities which may arise in the software in use,” said Dhruv Soi, a cyber security expert who regularly helps federal agencies across the globe in responding to cyber adversaries.
Friday evening’s alarm was triggered by defence minister Nirmala Sitharaman’s tweet that said, “Action is initiated after the hacking of MoD website. The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken.”
News agency PTI, quoting unnamed government officials, reported at the time that there were Chinese characters on the website. The officials said they suspected hackers from the country for the attack.
Users logging onto the defence ministry website were directed to an error page, and a display message read: “The website encountered an unexpected error, Please try again later.”
An official spokesperson said the NIC, which hosts the ministry of home affairs website, was upgrading its security system. “The requested service is temporarily unavailable. Sorry for Inconvenience. It would be available soon,” was the message on the ministry’s website.
The spokesperson said the move was precautionary.
“It is a technical server issue, the NIC is looking into it, the website should be up soon,” Raviraj Saratape, a spokesperson for the science and technology ministry, said.
The law ministry website also showed a 404 error in the evening while the department of justice website was working fine. A law and justice ministry official maintained that the site was not accessible due to a server failure. “It has nothing to do with hacking. This is a server failure, the NIC has said,” the official said. The government’s Computer Emergency Response Team, or CERT, under the ministry, had issued a notification stating ‘vulnerability’ in the malware protection engine. It said this could help a “remote attacker to execute code on the target system.”
“After due diligence the officials of NIC have confirmed that Ministry of Defence and any other website hosted in the NIC data centre have not been hacked and there has been no cyber attack of any nature. The websites of ministry of defence, MHA, department of public enterprises, election commission, EPFO, ministry of labor, department of science & technology are up and running and the NIC team assures the citizens that services would be restored soon for the other websites,” the NIC said in a statement later.
Authorities had temporarily taken down the ministry of home affairs website last year after a cyber attack was reported. A month before that, suspected Pakistan-affiliated operatives had hacked the official website of the elite National Security Guard (NSG) and defaced it with a profanity-laden message against the Prime Minister and anti-India content.
In 2016, the websites and databases of seven Indian missions in Europe and Africa were reportedly hacked and data from their servers was allegedly dumped online. Hackers going by the name Kapustkiy and Kasimierz L on Twitter claimed to have breached the security of the official websites of the Indian missions in South Africa, Libya, Malawi, Mali, Italy, Switzerland and Romania.