Indian Government Websites: A Persistent Security Challenge
It’s been months since TechCrunch highlighted a concerning issue with Indian government websites, yet the problem persists. Over 90 “gov.in” domains, spanning departments like the Indian Council of Agricultural Research and India Post, as well as various state governments, continue to redirect unwary users to dubious betting and investment scam sites.
Such exposure is heightened as search engines like Google have indexed these malicious links, inadvertently increasing the chances of internet users stumbling upon them. In May, TechCrunch alerted us to dozens of government links being exploited in this manner. The Computer Emergency Response Team (CERT-In), India’s cyber watchdog, was quick to escalate the matter. However, the core vulnerability allowing these attacks remains unresolved.
Recently, Deedy Das from Menlo Ventures and others reignited the conversation on social media platform X, pointing out the resurgence and widespread nature of these hacked pages. Security expert Bob Diachenko offered some insights into why this might be happening. He suggests that the underlying issue may lie within the websites’ content management systems (CMS) or server configurations.
“If only the symptoms (e.g., malicious content) are removed without addressing the root cause (e.g., vulnerability or backdoor), attackers can reintroduce the issue,” Diachenko explained. “It is not a very challenging exercise but requires some downtime and efforts.”
— Bob Diachenko, Security Researcher
This week, TechCrunch once again reached out to CERT-In, providing examples of compromised links. While the agency has yet to respond formally, it seems that some action may have been taken as affected pages now display a “page not found” error.
- Over 90 “gov.in” domains affected
- Potential CMS or server configuration issues
- CERT-In’s lack of response raises concerns
For those managing web security within government agencies, this situation underscores an important lesson: addressing only the symptoms without tackling the root problem will likely lead to recurring issues. As such, proactive measures and comprehensive solutions are essential to safeguard public resources from these persistent threats.
