0% found this document useful (0 votes)
143 views1 page

Hacking

The document discusses cyber security risks facing India's e-governance systems. It notes that a hacker was able to enter fake names into Pune's birth and death registry to illegitimately claim benefits from a housing scheme. This highlights how hackers could exploit vulnerabilities to generate fake identities and obtain documents like passports or PAN cards. As governments increasingly connect databases and systems, any vulnerabilities pose serious risks, as all connected systems would be compromised if the weakest node is hacked. The document calls for a coherent cyber security plan to secure all nodes in networks of networks and implement robust disaster recovery, as government websites have already been hacked with little evidence of prevention efforts.

Uploaded by

Ansh Chaturvedi
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
143 views1 page

Hacking

The document discusses cyber security risks facing India's e-governance systems. It notes that a hacker was able to enter fake names into Pune's birth and death registry to illegitimately claim benefits from a housing scheme. This highlights how hackers could exploit vulnerabilities to generate fake identities and obtain documents like passports or PAN cards. As governments increasingly connect databases and systems, any vulnerabilities pose serious risks, as all connected systems would be compromised if the weakest node is hacked. The document calls for a coherent cyber security plan to secure all nodes in networks of networks and implement robust disaster recovery, as government websites have already been hacked with little evidence of prevention efforts.

Uploaded by

Ansh Chaturvedi
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

http://www.business-standard.com/india/printpage.php?

autono=459313&tp=

Hacking the sarkar


Business Standard / New Delhi December 22, 2011, 0:54 IST

The price of e-governance is careful oversight of cyber security. How is the govt securing its networks? Municipal corporations around India have traditionally been plagued by ghost employees that exist only on paper and yet somehow draw salaries and pensions. Now, scamsters with the same mindset have discovered ingenious ways to exploit cyber-enabled governance systems. Fake names were reportedly entered in the computerised births and deaths register of the Pune Municipal Corporation by a hacker with the username Jahangir. The ghosts qualified for a slum rehabilitation scheme, wherein they would receive 350 square feet each, in lieu of relinquishing (in their case, non-existent) dwellings. This has even more serious implications. If a hacker penetrates a municipal system to set up a credible identity, he can then obtain a passport, permanent account number or a PAN card even if he cannot directly penetrate the institutions that hand out these documents. If he can penetrate a land registry, he can tamper with real estate records. Every level of government is increasing its use of information technology (IT). Smart systems massively improve efficiency of governance; they speed things up, they reduce the scope for petty corruption and harassment. But, as IT-enabling grows, so does networking. If a traffic policeman in Pune enters a car registration number and swipes the drivers licence on his smart reader, he gets an instant update on vehicle status, as well as criminal cases outstanding against the driver. The smart readers reduce corruption, speed up traffic enforcement, and help nail criminals, recover stolen vehicles, etc. The reader connects to the databases of the National Crime Records Bureau, sundry Motor Vehicles Departments, the Pune traffic police, and magistrates courts. And if any of those systems are vulnerable, they all could get hacked. On a different scale altogether, regional power grids connect to each other. They balance electricity supply and demand from various plants, states and regions, monitoring voltage and downtime. This must be done via computer no human can handle it. A Stuxnet-style worm could bring the power grids down, just as Stuxnet crippled Iranian nuclear plants. Airports, railways, and ports are similarly networked and vulnerable. So too are the citizen-facing systems that vastly reduce the pain of filing income-tax returns, receiving tax refunds and passport applications. Other, non-citizen-interfacing, databases are run by the National Crime Records Bureau, the Reserve Bank of India, the finance ministry and the ministries for roads, shipping, defence, etc. All carry information that could be utilised either for competitive gain or to breach national security. All can be compromised. In networks of networks, the security is only as good, or as poor, as the least secure node. There needs to be a coherent plan to secure every node and comprehensive disaster recovery and mitigation plans. The Pune Municipal Corporation may just be the tip of the iceberg. There is anecdotal evidence that various government websites have been hacked and defaced. There is no evidence that much has been done to prevent deeper penetration.

1 of 1

02-02-12 2:39 PM

You might also like