A Mandarin character in an error message on the inaccessible website of the ministry of defense, and a tweet by the defense minister that hinted at a possible hacking, followed by the subsequent inaccessibility of at least nine other government websites, created panic on Friday about a possible mass cyber attack aimed at India by Chinese hackers, but information security training experts proved to be a false alarm.
National cyber security Chief Gulshan Rai said the 10 websites hosted by the National Informatics Centre went down after a hardware failure. The reaction of the defense minister, as well as the spokespersons of some of the other ministries was that there had been a hack.
“There is no coordinated cyber attack on website of central ministries. There was a hardware failure in the storage network system at the NIC which resulted in a number of government websites being serviced by that system going down. We are working to replace the hardware and these websites will be up soon,” said Rai, the top cyber security official in the Prime Minister’s Office
The information security training professional said in all 10 government websites went down and few of them including that of the Central Vigilance Commission and civil aviation ministry have been restored.
The inaccessibility of the government websites was reminiscent of a textbook distributed denial of service or DDOS attack where users can’t access a website because bots load it with traffic and queries. The Mandarin character complicated matters further, but it turned out that it stands for Zen, after a design theme offered by Drupal, an open-source content management system for websites.
The fact that the websites went down on account of a hardware failure is still worrying, say the information security training experts, as is the fact that they didn’t seem to have a back-up.
Defense minister Nirmala Sitharaman’s tweet said, “Action is initiated after the hacking of MoD website. The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken.”
Users logging onto the defense ministry website were directed to an error page, and a display message read: “The website encountered an unexpected error, please try again later.”
An official spokesperson said the National Informatics Centre (NIC), which hosts the MHA site, was upgrading the security system of the home ministry website. The spokesperson said the move was precautionary.
“It is a technical server issue, the NIC is looking into it, the website should be up soon,” Raviraj Saratape, a spokesperson for the science and technology ministry, said.
The CERT, which is the government’s computer emergency response team under the ministry, had issued a notification stating ‘vulnerability’ in the malware protection engine. It said this could help a “remote attacker to execute code on the target system.”
The belief that the anomaly was created by a cyber criminal has a background. Authorities had temporarily taken down the ministry of home affairs website last year after a cyber attack was reported.
A month before that, suspected Pakistan-affiliated operatives had hacked the official website of the elite National Security Guard (NSG) and defaced it with a profanity-laden message against the Prime Minister and anti-India content, information security training researchers said.
In 2016, the websites and databases of seven Indian missions in Europe and Africa were reportedly hacked and data from their servers were allegedly dumped online. Hackers going by the name Kapustkiy and Kasimierz L on Twitter claimed to have breached the security of the official websites of the Indian missions in South Africa, Libya, Malawi, Mali, Italy, Switzerland and Romania.