Over 90 official ‘gov.in’ domains representing the Indian government websites, including those belonging to high-profile entities like the Indian Council of Agricultural Research and India Post, redirect users to dubious sites promoting online betting and investment scams. State government websites in Haryana, Maharashtra, and others have also been implicated in this ongoing security lapse.
In August 2024, Candid.Technology found that the Jal Kal (Water Works) department of Lucknow’s Municipal Corporation links to an Indonesia-based lottery scam website named Sekolahtoto.
The compromised links have been indexed by major search engines like Google, further amplifying the risk for unsuspecting internet users who may stumble upon these malicious websites, reports TechCrunch.
This is not the first instance of such an issue. In May, reports emerged that approximately four dozen government links were being redirected to online betting platforms. At the time, the Computer Emergency Response Team of India (CERT-In) had escalated the matter, but the root cause of the vulnerability remained unclear.
The recent findings suggest that whatever measures were taken to address the problem were either insufficient or temporary.
Cyber security experts like Bob Diachenko offered insights into the possible reasons behind the recurring issue. He noted that the compromise might stem from website content management systems (CMS) vulnerabilities or server configurations.
Diachenko emphasised that merely removing malicious content without addressing the underlying flaws — such as backdoors or unpatched vulnerabilities — leaves the systems open to repeated exploitation.
“If only the symptoms (e.g., malicious content) are removed without addressing the root cause (e.g., vulnerability or backdoor), attackers can reintroduce the issue,” Diachenko explained. “It is not a very challenging exercise but requires some downtime and effort.”
When experts contacted CERT-In with examples of affected links, the agency did not respond to the inquiry. However, the reported links began returning ‘page not found’ errors. This suggests that some action might have been taken, albeit without public acknowledgement or a transparent resolution plan.
The persistence of such vulnerabilities, especially on reputed Indian government websites, raises serious concerns about cybersecurity practices in India. Hosting scam links not only undermines the credibility of these websites but also places users at risk of financial loss and data theft.
In the News: WazirX is refunding only Rs 600 crore out of Rs 1975 crore lost
