A group of hackers has claimed to have accessed a section of the Rajya Sabha website that only members of the Upper House and administrators of the website are supposed to have entry to. To substantiate their claims, the group, which calls itself Lulzsec India, posted screenshots on Twitter on Sunday night, purportedly after logging into the account of Bharatiya Janata Party President Amit Shah, who is also a Rajya Sabha member.
The images uploaded by the hackers show that they could have gained access to details including Shah’s email inbox on the Rajya Sabha domain, text messages that can be sent by the public to the Rajya Sabha members on their official numbers, bulletins, details on debates, business in the Parliament, telephone bills, electricity and water bills, bills pertaining to travel allowance, and money transfers to official bank accounts. The members’ logins, which are only meant to be accessed by the Rajya Sabha members themselves, are secured by usernames and passwords that the hackers claimed to have bypassed.
The screenshots show that the hackers purportedly opened two links – one pertaining to bulletins meant for Shah and another link through which they could have sent a request to update his personal address.
The Rajya Sabha website comes under the domain of the National Informatics Centre, which through its information and communication technology network provides institutional linkages among all ministries and departments of the central government, several channels of state governments and union territories and as many as 688 district administrations. Websites that come under the ambit of the Centre have a ‘(dot)nic’ in their address.
Detailed questionnaires to the web and information technology wings of the Rajya Sabha secretariat and the deputy director general of the National Informatics Centre sent by Scroll.in remained unanswered when this news report was published.
“This incident has once again exposed the weak security infrastructure of websites under the NIC domain,” said Kislay Chaudhary, a cyber security expert and consultant to several government agencies. “It is high time that government agencies should develop a long-term and round-the-year mechanism for security audits instead of going for them on long intervals, which prove to be inadequate in terms of catching up with updates and upgrades of programmes that run servers.”
This could be the first reported instance of the Rajya Sabha website being hacked, but there are more than 700 instances of government websites being hacked between 2013 and 2017, the government had told the Lok Sabha in 2017.
This particular hackers’ group was in news earlier in August, 2017, when it claimed it had breached 30 government websites in Pakistan.