Sachin Pilot, the Minister of State for Communication and Information Technology, informed the Parliament of India, that a total of 112 Government websites were hacked during the period of December 2011 to February 2012. The hacked websites include websites of Government of Andhra Pradesh, Madhya Pradesh, Rajasthan, Tamil Nadu, Maharashtra, Gujarat, Kerala, Orissa, Uttar Pradesh, Sikkim, and Manipur along with the websites of Ministry of Finance, Health, Planning Commission and Human Resource Development.
In addition to this announcement, Sachin Pilot also confirmed that Bharat Sanchar Nigam Limited (BSNL) was hacked by the Pakistani hacker group called ‘H4tr!ck’ on December 4, 2011 although he didn’t reveal the extent of damage caused.
Internet frauds: Replying to a question in the Lok Sabha, Pilot informed that according to Reserve Bank of India (RBI), the number of Internet fraud cases involving an amount of Rs 1 lakh and above in 2011 was 125, a significant dip from 269 cases recorded in 2009. However, the number of cases wherein the amount involved was less than Rs 1 lakh were at 1798 accounting to Rs 7.87 crore. In comparison, the year 2010 witnessed 2232 Internet fraud cases accounting to Rs 12.35 crore while 2009 saw 864 Internet fraud cases accounting to Rs 8.24 crore.
The Central Bureau of Investigation (CBI) had registered three cases pertaining to financial frauds under the Information Technology Act in 2011 and as of Feb 29, 2012, the agency had already booked two cases for 2012. It had booked two similar cases in 2010 and two cases in 2009.
Steps for Prevention: Sachin Pilot informed that Indian Government has taken several steps to prevent cyber attacks and financial frauds in the country. These include:
- The Information Technology Act, 2000 provides legal framework to address issues related to phishing, hacking and security breaches of the information technology infrastructure.
- Reserve Bank of India (RBI) has issued a circular to all commercial banks to alert them on phishing attacks and provide a minimum set of preventive /detective measures to tackle phishing attacks. It had also issued a circular on July 1, 2011 on credit card operations by banks, where it had advised to set up an internal control system to fight frauds, take pro-active fraud control and enforcement measures and fulfill the ‘Know Your Customer (KYC)’ requirements.
- Reserve Bank of India (RBI) has advised banks to leverage technology to support business processes, implement all stipulations outlined by RBI from time to time, ensure the implementation of basic organizational framework and have a policy and procedure to prevent financial frauds through Internet, in place.
- The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis. It also offers incident response service to handle phishing attacks on the banks across the country.
In December 2011, the Indian National Congress‘ website was reportedly hacked and its party leader, Sonia Gandhi’s profile page was defaced coinciding with her 65th birthday. Pilot had informed the Lok Sabha that cyber crime cases had more than doubled in the last year with 219 government websites being hacked, 356 cases booked under Cyber Crime related Sections of Indian Penal Code (IPC) and 966 cases booked under the Information Technology Act in 2010.