Ajit Karn
A group called “Hacktivist Indonesia” has allegedly issued a list of 12,000 Indian websites, including Central and State that it plans to attack in the coming days, according to an alert issued by the Indian Cybercrime Coordination Centre (I4C) points of the Ministry of Home Affairs.
However, Indian government websites are “updated” and “capable” of handling such threats and false narratives disseminated by potentially malignant elements operating within or outside the country. An alert has been sent to all agencies, Central and State government branches.
I4C issued the alert on Thursday based on inputs received by its Cyber Threat Intelligence branch in response to its open-source intelligence. The Cyber Threat Intelligence division of I4C detected the narrative regarding the ‘Hacktivist Indonesia’ group, which has been involved in an illegal operation to attack Indian websites as well as those of some foreign nations.
The information was initially shared with the Indian Computer Emergency Response Team (Cert.In), a nodal agency under the Ministry of Electronics and Information Technology, which had requested to share the “potential threat” information with the nodal cyber-crime agencies in the United States.
“A group called ‘Hacktivist Indonesia’ has been targeting India, and it has created a narrative that it will attack 12,000 Indian government websites, including Central and those linked to the States,” according to sources citing the alert, adding that “it is not necessarily the case that the group is from Indonesia.”
The group ‘Hacktivist Indonesia’ may be from “Malaysia or a group of Islamic countries” because individuals with similar mentalities are attempting to attack (India) via cyberspace, according to a source.
“The hacktivist group is also capable of attacking China and Ukraine. They also target other nations, according to the source, who noted that “Hacktivist Indonesia” is one of the groups planning attacks using open source software.
“‘Hacktivist Indonesia’ has not only attacked Indian websites but also websites from other nations. They have disseminated a list of 12,000 websites of the Indian government that they intend to target. The I4C unit alerted the Cert using open source intelligence.Regarding such ongoing activities, it is recommended to be vigilant.”
According to MHA cyber experts, “this narrative has been prevalent since last year.”
“Such hackers target government websites and attempt to bring them down using various methods. Nonetheless, government websites are regularly updated. This is not a novel concept. Similar attempts were made by these hackers to attack multiple websites in Gujarat last year as well. According to experts, hackers attempt to transmit large amounts of internet traffic to slow down websites so that users are affected and cannot access or connect to online services and sites.
Distributed Denial-of-Service (DDoS) is a cybercrime in which a perpetrator floods a server with Internet traffic in order to prevent users from accessing connected online services and sites.
If a person or organization is the victim of a cyberattack, the incident can be reported on the cybercrime.gov.in website, they said, adding, “with the assistance of I4C, a concentrated effort is being made to combat this cyber menace in the Central agencies.”
Considering the threat, the Central government has already informed the states through cyber-crime and cyber security how to protect their websites, a senior MHA official told ANI on condition of anonymity, adding that “there is also a GIGW guideline that helps in controlling such illegal activities by hackers.”
National Informatics Centre (NIC) formulated the Guidelines for Indian Government Websites (GIGW) in 2009 with the objective of ensuring the quality and accessibility of government guidelines, by providing guidance on desirable practices covering the entire lifecycle of websites, web portals, and web applications, beginning with their conceptualization and design and continuing through their development, maintenance, and management.
In 2019, the second iteration of the GIGW was created. Additionally, version 3.0 of GIGW has been introduced. The primary objective of GIGW 3.0 is to provide specific guidance to government organizations on how to improve the user interface and user experience (UI and UX), by incorporating features such as intuitive page loading (using AI and analytics) based on the user journey and user profile, using a state-of-the-art content management system (CMS), user-centric information architecture (IA), and a central monitoring dashboard to identify and provide alerts on non-conformance and techncial issues.
GIGW 3.0 also substantially improves guidance on the accessibility and usability of mobile apps, particularly by providing government organizations with specific guidance on how to leverage public digital infrastructure designed for the delivery of services, benefits, and information across the government. These include API level integration for use with social media, India Portal, DigiLocker, Aadhaar-based identity, single sign-on, data sharing in open formats on the government’s data platform, government’s scheme discovery platform, government’s citizen engagement platform MyGov, AI-based Indian language translation tools, and seamless content/data access across government organisations’ web-based solutions. GIGW 3.0 provides updated guidelines for the accessibility of websites and applications in an effort to broaden cyberspace access.
Also read this:Any action involving crypto assets must be global: FM Nirmala Sitharaman
It also provides guidelines for preventing the disclosure of confidential information such as passwords, email addresses, and credit card numbers, which can result in both personal embarrassment and financial risks. It addresses all aspects of security, from design, coding, and implementation to testing and deployment, in order to prevent data loss for organizations or users due to malfunctions, phishing, cybercrimes, or cyberattacks.
