shicon的部落格

India gets stricken by Bomb blasts just about both time period. Hundreds of Innocent group die for no rational motive. While it is tough to check all such attacks, it is honourably feasible to hinder such as attacks by improvising and exploitation the current materials efficaciously.

Let's exterior at some of the problems we face:

1. ATS: Wrong focus?

While it's a public awareness that terrorists use the Internet for communication, and point of reference Indian websites to stress their cause, The Anti-terrorist Squd seems to concentration much on drumming mobiles, Intercepting GSM networks and voice-privacy solutions. The realness is, even yet these do help, they are worthless way of following terrorists. Talk roughly Internet / Web collateral or Digital Forensics, they offer you an odd form. Techies are unmoving trivial folks in advanced of their "real" international of guns and shells. Besides we always have the Cyber Crime Cell in Mumbai to put the point the finger at on.

2- Cyber Crime Cell, Mumbai: Cyber What?

I don't penny-pinching to be rude, but it's much a glorified division. Even drawing an email is a goad. But much than the technical incompetency, the bigger thing is knowledge. A few smart relatives who cognize a few logical things prefer to preserve mum. Their pretext - Why stretch out your jaws and summons more work? The interlocking unspoken ego and break up linking "senior" and "junior" officers assure that well-founded donkey work or action ne'er get's enforced.

3 - NTRO: Making the spot on moves

NTRO is one operation i individually admiration a lot. They have ready-made wearing clothes pains to bridge the gap betwixt various agencies over and done with incident. With a active technical team, i have a feeling they are to a certain extent armored to grip Cyber Crime related to issues. But again, they are not straight active or are guilty to meet it.

4 - CERT India: A big joke

I don't know why we have CERT India. What is it's role? let's see what they say give or take a few it:

"CERT-In will next study the news provided by the newspaper writing muscle and set the state of an event. In bag it is found that an incident has occurred, a pursuit figure will be appointed to the incident. Accordingly, the papers will be supposed and the reportage authority will be wise of the assigned following numeral. CERT-In will incoming a troop as required." ... and Blah Blah Blah.

Here's the fairness. CERT does not have any group for Incident Reporting. Even if you tittle-tattle an Incident, they won't react hindmost to you. In August 2006, we reported do up to 40 Government associated websites (Including the president's) that were prone to hacking. We gave rigorous links, known proof, video's (yes, even transcribed videos!) and screenshots. This written report was also dispatched to trunk word transmission. What happened? Nothing! With anguish, we could lone keep under surveillance our Indian websites beingness hacked finished instance.

NIC : Helping Hackers?

Almost all parliament accompanying websites are formulated and maintained by NIC. And virtually all website has a host of vulnerabilities that a defacer can pilfer pre-eminence of. I miracle why NIC does not have a clothed wellbeing taming near all that fortune from the Government? With e-governance on the rise, it will be perilous if Indian Government does not appropriate a thoughtful face at paucity of Information Security awareness.

So what can be done?

I conjecture the Government must dislodge nifty towards geartrain for Cyber action. This is wherever the indisputable skirmish lies. With the incalculable bewildering net of departments, it's second-best for the Government to motion every white-collar direction. Here are many suggestions:

1. Acknowledge Hackers and carry out WITH them. Encourage Open Disclosure.

2. Support Indian Hacker groups and colony.

3. Facilitate Cyber Crime consciousness in Academics. Utilize local youths as volunteers for finding cyber sin cases.

4. Make it required for all lawyers to raise their exact skills and awareness of Cyber Crime.

5. Consult the firm past authorship or devising added amendments in the IT Act Law

6. Understand the value of Training and tell the same to the exactly those. And not expect it to be delivered unbound by more than a few friendship.

7. Establish conciliation between contrary agencies for faster declaration of snags.

Open Disclosure - Hacked Websites (Not in NEWS yet)

Here is a minor account of websites.. that were hacked / compromized by the unit and notified to the Cyber Crime Cell / Government but null has been through with to ascertain it:

Working paradigm of a Vulnerable website:

Others:

Passport Office Chandigarh

Tata Memorial Hospital

Ministry of Information and Broadcasting

Dept. Of Education - Govt. of Rajasthan

official website for Eastern Railway

BSNL - Dotsoft Development Center

Ministry of Defence

Prime Minister of India - PMOs Office

Directorate of Public Grievances

Central Information Commission - CIC

Central Vigilance Commission - CVC

Election Commission of India

Directorate of Technical Education Maharashtra

Mumbai Police

The Singareni Collieries Company Ltd

State Information Commission - Himachal Pradesh

NIC - Project Progress Monitoring System

Public Health Engineering Department

Tea Board of India

This is with the sole purpose a uncomplete record of suggestible sites. Feel at liberty to limit us for added rumour (concerned webmasters can communication for free of charge document / systematic defend of the issues).