CYBER ATTACK ALARM AS GOVT SITES CRASH
A Mandarin character in an error message on the inaccessible website of the ministry of defence, a tweet by the defence minister that hinted at a possible hacking, and the subsequent inaccessibility of at least nine other government websites, created panic on Friday about a possible mass cyber attack aimed at India by Chinese hackers, but it proved to be a false alarm.
National cyber security chief Gulshan Rai said the 10 websites hosted by the NIC went down after a hardware failure.
The initial reaction of the defence minister, as well as the spokespersons of some of the other ministries (who did not know why their websites were down) was that there had been a cyber attack.
A Mandarin character in an error message on the inaccessible website of the ministry of defence, a tweet by the defence minister that hinted at a possible hacking, and the subsequent inaccessibility of at least nine other government websites, created panic on Friday about a possible mass cyber attack aimed at India by Chinese hackers, but it proved to be a false alarm.
National cyber security chief Gulshan Rai said the 10 websites hosted by the National Informatics Centre (NIC) went down after a hardware failure.
The initial reaction of the defence minister, as well as the spokespersons of some of the other ministries (who did not know why their websites were down) was that there had been a cyber attack.
“There is no hacking or coordinated cyber attack on website of central ministries. There was a hardware failure in the storage network system at the NIC which resulted in a number of government websites being serviced by that system going down. We are working to replace the hardware and these websites will be up soon,” said Rai.
Rai is the top cyber security official in the Prime Minister’s Office. He said in all 10 government websites went down and few of them including that of the Central Vigilance Commission (CVC) and civil aviation ministry had been restored.
These 10 websites were those of the Central Bureau of Investigation, the CVC, the e-gazette, and the ministries of law, civil aviation, defence, home affairs, labour, water resources and sci- ence & technology.
The rapid inaccessibility of the government websites was reminiscent of a textbook distributed denial of service or DDOS attack where users can’t access a website because bots load it with traffic and queries. The Mandarin character complicated matters further, but it turned out that it stands for Zen, after a design theme offered by Drupal, an opensource content management system for websites. The fact that the websites went down on account of a hardware failure is still worrying, say experts, as is the fact that they didn’t seem to have a back-up.
“Every organisation, especially critical ones should have a strong patch management process to closely track and patch any vulnerabilities which may arise in the software in use,” said Dhruv Soi, a cyber security expert who regularly helps federal agencies across the globe in responding to cyber adversaries.
Friday evening’s alarm was triggered by defence minister Nirmala Sitharaman’s tweet that said, “Action is initiated after the hacking of MoD website. The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken.”
News agency PTI, quoting unnamed government officials, reported at the time that there were Chinese characters on the website. The officials said they suspected hackers from the country for the attack.
Users logging onto the defence ministry website were directed to an error page, and a display message read: “The website encountered an unexpected error, Please try again later.”
An official spokesperson said the NIC, which hosts the ministry of home affairs website, was upgrading its security system.
NATIONAL CYBER SECURITY CHIEF GULSHAN RAI SAID THE 10 WEBSITES HOSTED BY NIC WENT DOWN AFTER A HARDWARE FAILURE