Manish Kumar
Post News Network
Bhubaneswar, July 9: The website of the treasury department of the Orissa government has come under the radar of witty hackers from the cyberspace. Several trouble mongers are working online on hacking government and other websites with a view to targeting the government’s treasury with the aid of server password.
The whole episode started in the wee hours of Thursday when a secret hacking group on Facebook named ‘webinj3ct0rs’ (visible only to members) posted a challenge to hack the website (https://www.odishatreasury.gov.in) with the help of local file inclusion (LFI) injection. Many hackers of the group soon jumped onto the bandwagon with the clues made available to hack the website and started their mission to get secret information. Screen shots of some of the offensive posts are in possession of this newspaper.
The vulnerability injections are often used by hackers to get password file stores in the sensitive path of the server which has access to the server root/administrator. Experts, meanwhile, say the whole vulnerability issues are arising due to lack of upgradation of software and systems of the state government websites.
Talking to Orissa POST, Dinesh Mohanty, cyber expert from the city-based Institute of Ethical Hacking & Forensic said, “The problem has come to the fore because the government websites are now vulnerable to malicious intents. It seems they have not been updated with time and thus are facing the threat of hacking.”
Dinesh adds, “In order to weed out the issues, the server of government websites needs to be secured of threats. A regular audit of websites is needed to prevent data loss or leak of crucial financial/secret data.”
Mails and phone calls made by Orissa POST to the information technology department of the state government for their response on the subject did not yield any response.
There are 39 state government departments, many of which have their independent websites.The other department sites are nested on the state portal (www.odisha.gov.in) and managed by the Orissa Computer Application Centre.