Bhubaneswar, May 22: The websites of several educational institutions in the state that had recently been hacked and later secured, are still vulnerable to such threats, a group of ethical hackers in the city have said.
Even as they sounded the warning, another educational website, that of the Biju Patnaik Institute of Industrial Training — http:// www. bijupattanaikitc.com/ index.html — was hacked today. It is yet to be fixed.
Three websites of the premier Utkal University — http://utkal-university.org and http://utkaluniversity.ac.in — had reportedly been hacked on May 13 by hackers who called themselves the K9 Cyber Army. The hackers had defaced a few web pages. However, two days later, a varsity official had said: “The problem has been fixed.” The varsity authorities had apparently not lodged a police compliant after the websites were hacked and the hackers have gone scot free.
Ethical hacker Amiya Kumar Mishra today gave a live demonstration of hacking the university’s websites. He told mediapersons that the websites were still vulnerable and could be hacked easily.
“Hacking of websites does not only mean defacing the pages. Once the e-admission process starts, the website launched by Utkal University will contain important details about the students, colleges etc. Mischievous persons can misuse these student details, such as their address and educational qualifications, and impersonate them. Fake identity cards, too, can easily be generated and misused,” said Mishra.
The hacking menace would spiral during the e-admissions, he said. “A hacker can easily break into the website and shuffle data to place a less meritorious candidate at a higher rank. The student could then be allotted a seat in the most sought-after colleges in the state and deserving students would lose out,” he said. Mishra said the university authorities must take appropriate measures to ensure that the personal data of students was not misused.
The team of ethical hackers said the websites were lacking in secure coding practices. They suggested that security auditing of government and college websites be made mandatory in the state. “The IT ministry has a rule that any government website hosted on an ‘.nic’ server should be audited by a security agent before being launched. There should be a similar rule for websites of educational institutes, which carry important information,” said one of the ethical hackers.
According to them, more than 70 per cent of government websites in the state were vulnerable to hackers. The website of IIT Bhubaneswar, which was hacked into a few months ago, also figures in the “high risk” list. “The state government’s e-dispatch system is also very vulnerable. One can even send or stop a letter from being dispatched from one department to another,” said Mishra.
The team of professional hackers said they were ready to secure the Utkal University’s websites free of cost and had invited the varsity students who designed the e-admission website to come to them for guidance.
The K9 Cyber Army had even created its profile on Facebook, with posts discussing their success in hacking websites in the past. “The varsity authorities did not bother to register a complaint after their websites were hacked. It would not a surprise if the BPUT site is hacked. A FIR should be lodged by the affected parties if they want an end to this nuisance,” said Mishra.