Blog Archives

Child Porn on Indian Government websites

One of the ‘The Hacker News’ reader inform us today about porn content on some Indian Government websites. After analyzing such websites, we came across more than 30 sub domains belongs to ‘’ . Where ‘entegramam’ means “My village” and all sub domains of this website are names of the different cities of Kerala state.

Child Porn on Indian Governments : ehack

Child Porn on Indian Governments : ehack

The websites are in Malayalam language and most of the sites are powered by Joomla and Drupal (older vulnerable versions) with discussion forums on them. On our further analyze we found that time stamp of the Porn articles posted on forum dated back to “2012/08/30 16:00”.

That means, Government websites hosting Child Porn content from last four months and authorities or the moderators of the website are not aware about the issue. On a simple Google search, one can found all such pages : “nude” for further reports and analyzing.

Child Porn on Indian Governments : ehack

Child Porn on Indian Governments : ehack

Google also giving notification “This site may be compromised” for few websites in same search, showing that some of these websites are also compromised by hackers.What if Government websites itself serving Porn ? Child Porn is not legal in any country and shameful act. Child pornography in India is also illegal. In February 2009, the Parliament of India passed the Information Technology Bill,” banning the creation and transmission of child pornography. The bill enables India’s law enforcement agencies to take strict action against those seeking child pornography. For example, browsing for child pornography on the Internet can lead to a 5 year term of imprisonment and a 1 lakh fine“.These Forums are actually started by Kerala Government as a project to share information regarding “Education”, “Health”, “Agriculture”, “Tourist”, “Sports”, “Science” and more. We found that threads on forums are active to current dates, there should be some moderators also who look for abused or illegal content, but in this case ,Government host and forget !Government always give stats , why no reasons for Lack in Security ? Recently, Indian Computer Emergency Response Team ( Cert-In) proudly share report in media that over 14,000 websites have been hacked by cyber criminals till October this year. Even the actual number is 10 times they claimed, but the point is, why they never mention the reasons of lack in security ?

Running responsible Government websites without monitoring or moderators is not a good security practice at all. We Request authorities , if you host something – please moderate them.


Original Post at The Hacker News

Thanks for reading. hope it might helped you.

India government unveils five-year plan to revamp cybersecurity

Summary: Operations will be coordinated and connected to major critical infrastructure agencies in the country, to monitor real-time information and react faster to cyberattacks.

Cyber Security : ehack

Cyber Security : ehack

The Indian government has set in motion a five-year project to revamp cybersecurity apparatus of critical sectors in the country to meet the growing challenge of cyberattacks.

The National Critical Information Infrastructure Protection Center (NCIIPC), the agency to coordinate cybersecurity operations for critical infrastructure across the country, has been given this responsibility, The Times of India reported on Tuesday.

The five-year plan will be prepared by the agency to revamp and integrate the cybersecurity apparatus of all critical infrastructrure such as power, transportation, water, telecommunications and defence, the agency said at a presentation.

NCIIPC also plans to set up a sectoral Computer Emergency Response Team (CERTs) that would be connected to it, and will install censors on all critical systems to provide real-time information to its command and control (C&C) center about any cyberattack to formulate a quick response.

Under a newly defined mandate, NCIIPC will look after critical sectors with high dependency on computer and information technology (IT), while other sectors will be under India’s CERT, CERT-IN.

“There are also plans to open a Cyber Security Operation Centre, a [round-the-clock] control room for real-time information and response, and a National Institute of Critical Information and Infrastructure Protection for training of chief information security officers (CISOs). We will also issue daily cyberalerts,” Muktesh Chander, NCIIPC center director said, during the presentation.

According to sources who spoke to the Indian news site, this is part of the government’s step to create awareness and ensure a robust security system in all critical government agencies. The task had also been divided into five phases, and once agencies set up their security infrastructure, it will be connected to the NCIIPC.

Shivshankar Menon, national security advisor, who also addressed the gathering, stressed on the participation of the private sector

“The NCIIPC is setting up a joint working group with representatives of industry assocations to bring out guidelines for protection of critical information infrastructure in India,” he said.

India’s critical infrastructure agencies are no stranger to cyberattacks. Just last week, a hacker group leaked Indian telco BSNL’s passwords and database, calling for the withdrawal of a controversial legislation which allegedly suppresses freedom of speech and expression. In April, Chinese hackers allegedly planted a bug via flash drives on India’s navy computers, which relayed sensitive data to China IP addresses.

Original Post at Zdnet

Thanks for reading. hope it might helped you.

%d bloggers like this: