Govt waited 7 months to act on Kaveri software hack

The Department of Stamps and Registrations was aware that its property database software Kaveri had been compromised at least seven months before it filed a complaint.

Though the department had first flagged the issue in December 2018, a report was also submitted in connection with the issue on March 14, 2019, a copy of which is with DH. However, the complaint for alleged tampering of around 300 property documents using the database was only filed on October 22.

Authorities have defended the delay, saying “due process” had to be followed before filing a complaint.

The intra-departmental report submitted in March this year had highlighted the issue, pointing out to collusion between sub-registrars, engineers at the Centre for Development of Advanced Computing (C-DAC) and a private firm for the hack, while recommending a technical investigation.

Kaveri online service is a web-based application, which provides interface to citizens to enter details and book appointments for registration of property documents, apart from other features. The department had suspected the role of around 20 individuals in the case.

According to documents, the Internal Audit unit of the Stamps and Registration Department had submitted a report on March 14, 2019, regarding ‘Data Updates in Kaveri’. The report was given after K V Thrilok Chandra, Inspector General of Registration and Commissioner of Stamps, was alerted about technical errors creeping into the Kaveri database in December 2018.

The report by Srihari M, Inspector, Audit Section noted that the flaws detected in Kaveri database were ‘serious technical issues’, which was confirmed by reports by ‘project managers at C-DAC and HCL’ that developed and maintain Kaveri.

“Since neither registrars, sub-registrars, first division or second division assistants possess the technical know-how of Kaveri software to make such changes, only officials with the technical expertise, such as district engineers of the private firms or personnel at the Department headquarters, could have misused the software,” the report noted.