In September, 2013, a group of men from Iran targeted an old dam in a low-key US suburb, about 30 km from Manhattan, and gained access to its control system. All it took the hackers, as learnt by the authorities much later, was a trial and error method, called brute-forcing, to gain access to the password of one of the computers in the facility that was using Windows XP operating system. They cracked the password — ‘666666’ — using a search engine. But, luckily, the dam was under maintenance at that time. Thus they could not carry out their diabolical plot.
If an advanced country like USA was vulnerable to such a cyber attack, concerns are being raised over the cyber security systems in Andhra Pradesh where the government is going full throttle to use technology in every aspect of governance. And the recent series of incidents of ‘data leakage’ from the government department websites make the issue a pertinent one.
Given the capabilities displayed by the hackers at the recent hackathons organised by the State Government, it is frighteningly clear that they can, if they want, take control of power grids, traffic signals, surveillance systems etc, anywhere in the country.
Cyber security researchers explained that most of the computers used by the State Government run on popular operating systems like Windows or Linux for which ‘exploits’ are easily available. Exploits, in cyber security parlance, are the commands used to take advantage of a bug or vulnerability to cause unintended behaviour in a system.
“From what I know, the cyber security infrastructure in Andhra Pradesh is not very secure. The government uses public operating systems which are easy to hack. That was the reason some of the systems were affected during the WannaCry ransomware attack,” explained Sai Satish, a cyber security expert from the State, who is one of the top ethical hackers in the country. He added that he has also tested some of the State Government’s websites whose databases are not encrypted.
The risks of having databases which are not encrypted include the possibility of hackers taking control of the entire power grid, traffic signal systems, CCTV cameras, electrical substations, street lights, and any other computer-operated government facility. All it requires is mind and efforts, experts warned.
“If the government is controlling the operations from a single portal, it is possible to take control over anything using brute-forcing or other techniques. No system is entirely secure. It is just a matter of time before an exploit is released,” Satish observed. The State Government officials too are aware of the potential vulnerabilities. “That is why we have decided to encrypt the data of various departments using Blockchain technology. We will start with education and transport departments. Then we will go for other departments,” JA Chowdary, IT advisor to CM Chandrababu Naidu told TNIE. Encryption of data using Blockchain is expected to be completed in the next three to six months. Chowdary further explained that the government had also recently setup AP Cyber Security Operations Centre (APCSOC) in Vijayawada, to combat the potential threats. “We have also decided to conduct hackathons every six months, where college students and experts will ethically hack our systems to identify vulnerabilities so that we can immediately plug them,” he added.
