VTU not amused as student hacks its website to expose poor security

Hacker got copy of answer sheet without paying fee; varsity goes to cybercrime cops

Visvesvaraya Technological University (VTU), Belagavi, does not seem to be very tech-savvy. A final-year engineering student has hacked the VTU’s online payment system, exposing chinks in its security features.

Sai K, a student of electronics and communication, claimed to have obtained a photocopy of an answer script without paying the fee by hacking the online payment system. He justified his actions by saying he wanted to draw the university’s attention to the security measures of the website.

Sai, however, may face action as the VTU has lodged a complaint with the cybercrime police, Bengaluru. “Unidentified people hacked the online payment facility for revaluation of answer scripts, but not the website as such,” H N Jagannath Reddy, Registrar, VTU, told DH. “VTU’s is the most secure website and can’t be hacked. Some miscreants would use the VTU website, create fake circulars and distribute them. I have sought action against such people.”

He claimed that external marks of over three lakh students and the confidential data of over 17,000 faculty members were highly secure. Following the incident, the VTU has decided to modify the website and its interface.

The hacking has once again exposed the lack of security in websites of government agencies. “Not just VTU’s, websites of many government agencies are highly insecure,” a cyber expert told this newspaper on condition of anonymity.  According to him, lack of expertise in maintenance of websites and fund constraints for regular management trigger the hacking.

The National Informatics Centre (NIC), the national nodal agency for government websites, regularly issues upgrade guidelines which are ignored by government departments because upgrades don’t come free. Many departments are headed by e-illiterate bureaucrats who fail to understand the importance of preventing hacking. The departments also fail to renew software, which contributes to hacking, the expert noted.

An additional director general of police (ADGP), who headed the crime and technical wing, echoed him. “The protection measures of government websites are extremely poor. These websites should have additional firewalls. Government departments should stop using unauthorised software and employ a team to keep a close watch on suspicious activities,” he said.

The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics and Information Technology, has issued guidelines on how to deal with cybersecurity threats such as hacking and phishing. Government agencies should follow the guidelines to prevent hacking, he added. Hacked govt sites

n Feb 16, 2010: 21 websites of the Andhra Pradesh government hacked.

n Aug 18, 2010: Kerala State Road Transport Corporation’s website hacked.

n Aug 28, 2010: University of Mysore’s website hacked.

n Aug 25, 2016: RGUHS website hacked.

n April 25, 2017: National Aerospace Laboratories (NAL) website hacked.

n Sept 12, 2017: Bescom website hacked. 
DH Newsletter Privacy Policy Get top news in your inbox daily
Comments (+)