Government Institutions in India: A Popular Target for Hackers

Dhwani Meharchandani

Over the last few years, the cybersecurity landscape in India has become quite unstable. While cybersecurity spending has increased significantly, the number of cyber attacks has shown no signs of slowing down. According to official estimates, the number of ransomware attacks in India has increased by 120 percent. Despite the growing vigilance amongst both public and private organizations in India, power companies, telecom vendors, oil and gas majors, diagnostic labs, and even restaurant chains have become victims of cyberattacks.

Moreover, government institutions in India have become one of the most popular targets amongst cybercriminals. According to the data provided by the Computer Emergency Response Team of India (CERT-In), there were more than 6.07 lakh cyber security incidents in the first half of 2021, of which around 12,000 incidents involved government organizations. In this blog, we’ll discuss the major cyber attacks that targeted Indian government organizations and the steps taken by the government to prevent these occurrences.

Major Cyber Attacks on the Indian Government

Over the last decade, there has been a slew of vicious and devastating cyber attacks on various government institutions and critical infrastructure in India. Here are a few examples of such attacks:

Government Websites Defaced

Recently, there has been a wave of cyber attacks that have targeted more than 70 private and public sector websites in India. A popular hacktivist group called DragonForce Malaysia has taken credit for this campaign, which involves carrying out several sweeping ‘injection’ attacks. As a result of this barrage of attacks, many government websites have been defaced while several other sites were knocked offline for over 48 hours. The affected government sites included the Indian Embassy in Israel, the National Institute of Agriculture, and educational institutions like Delhi Public School. 

Kolkata International Airport Attacked

In 2019, the international airport in Kolkata faced a huge cyberattack, which targeted nearly one-third of its infrastructure. The attack led to a LAN shutdown and blanked out flight information display boards, flight check-in terminals, and CCTV surveillance. The chaos caused by the attack resulted in the delay of 30 flights, leaving around 4,00 passengers stranded. The situation forced CISF to deploy additional personnel, and it took IT experts more than nine hours to resolve the problem and successfully restart the system.

Cyber-espionage Campaign by Pakistani APT Group 

In mid-2019, an advanced persistent threat (APT) group linked to Pakistan targeted the critical infrastructure of Indian public enterprises in the telecommunications, power, and finance sectors. The attack was suspected to be a cyber-espionage campaign aimed at obtaining access to sensitive information in order to gain a competitive edge against India. As part of the campaign, these Pakistani government-linked hackers sent out phishing emails to Indian government employees. They also created fake government and military websites and sent attachments of government-themed documents to deliver malware.

Prime Minister Narendra Modi’s Twitter Account Compromised

In September 2020, the Indian Prime Minister Narendra Modi’s Twitter account was compromised by an unknown group. This account updates the prime minister’s mobile app and personal website. The hackers used Modi’s compromised account to tweet that India had officially adopted bitcoin as legal tender. Moreover, the fraudulent tweet included a scam link that promised a free bitcoin giveaway. The tweet said that the government had bought 5500 bitcoins and was going to distribute them amongst the country’s residents.

Mumbai Power Outage

On 12th October 2020, Mumbai, India’s financial capital, suffered a massive power outage. Consequently, water supply was affected, train services were canceled, and hospitals had to depend on generators. Navi Mumbai and Thane struggled to continue running everyday operations until the problem was solved two hours later. It was suspected that the incident was caused by 14 Trojan horses, a type of vicious malware that might have infected the servers of Maharashtra State Electricity Transmission Company. Cybersecurity experts pointed fingers at China’s People’s Liberation Army (PLA) as the party responsible for the attack.

COVID-19 Lab Results Leaked

In January 2021, personal data including the COVID-19 lab test results of thousands of people in India was leaked online from a government server. The leaked personal information included names, dates of birth, addresses, phone numbers, and COVID-19 test results. All of this data was made publicly accessible and could be easily accessed through a simple Google search. Moreover, the leaked data was put on sale on a website called Raid Forums, where a cybercriminal claimed to possess the personal information of more than 20,000 Indians. 

PII of Police Personnel Compromised

In February 2021, the personally identifiable information (PII) of 500,000 Indian citizens who participated in the police examination conducted in December 2019 went up for sale online. The leaked data belonged to the candidates of the preliminary examination conducted by the Bihar Police Subordinate Services Commission (BPSSC) for the post of Sergeant/ Sub Inspector/ Assistant Superintendent Jail. The compromised information included the candidates’ full names, dates of birth, email IDs, FIR records, and criminal histories.

What is the Indian Government Doing to Prevent Cybercrimes?

As we’ve already established with the examples above, the national critical infrastructure and government institutions in India have never been more at risk of cyber attacks than they are today. Looking at the situation at hand, the government of India has already started investing time, effort, and money into reinforcing the security infrastructure of the country. It has introduced numerous initiatives and taken many steps to strengthen the country’s current cybersecurity landscape.

India’s Ministry of Home Affairs (MHA) has launched the Indian Cyber Crime Coordination Center (I4C) to support Law Enforcement Agencies (LEAs) in undertaking matters related to cybercrime. The ministry has also launched the National Cyber Crime Reporting Portal (NCRP) to enable the victims of cybercrime to report cybersecurity incidents online. As nearly 60% of the cybersecurity-related complaints revolve around online financial frauds, the MHA has also established the Citizen Financial Cyber Fraud Reporting & Management System (CFCFRMS) to stop the theft of funds by fraudsters.

Moreover, with a strong belief that generating cybersecurity awareness among the public is essential for preventing cybercrimes, the ministry has launched the Cyber Jagrukta Divas initiative. Under this initiative, all the government organizations falling under the ministry’s purview are requested to celebrate Cyber Jagrukta Divas on the first Wednesday of every month by generating cybersecurity awareness amongst employees.