Hyderabad: The GHMC’s website was hacked on Monday and a nude image of Bollywood actress Sunny Leone appeared on one of its affiliated webpages.
Stunned officials from the IT & Citizen Services wing of the civic body removed the link, and the image, as soon as the matter was brought to their notice.
The image of Leone appeared on the webpage of the Off Site Real Time monitoring system (OSRT) on GHMC’s website. The OSRT is meant for monitoring garbage vans and carry real-time updates on the vehicles carrying refuse.
GHMC officials meanwhile did not lodge a complaint about the alleged hacking and have apparently closed the matter after an internal enquiry. it remains unclear what action has been taken. Also, it’s still not clear who was behind the defacing of the OSRT website. Deputy engineer of IT wing Mr Somashekhar said that the GHMC had stopped using the OSRT technology one-and-a-half years ago.
“We used to utilise the technology with a third party’s application and server. When we stopped using these services, we forgot to remove the link of the webpage from our main site (www.ghmc.gov.in). When we came to know about the image of the actress, we immediately removed the link of the OSRT webpage from our site,” he said.
Government sites often have vulnerabilities
Dangerous vulnerabilities have been identified in several government websites and these holes in security make most of them very prone to hackers. Recently, the MeeSeva site was hacked by alleged Pakistan-based hackers.
Ethical hackers are backing Linux-based servers to beat threats. Most of the government's sites are being run on Server 2003 which has siginificantly less security features when compared to Server-2008.
Experts claim Server-2003 was designed to protect databases and web pages from Denial Of Service attacks but hackers these days are using sophisticated technology to deface websites. It’s believed that hackers from Pakistan, China and Turkey are adopting “SQL Injection” techniques for defacing target websites.
CEO and founder of Sytech Labs and cyber crime consultant for AP and Telangana police, Mr. Sandeep Mudalkar said the modern-day hacker has no need of user details. “If the hacker identifies loopholes in any website, he can install a shell programme in the ‘MySQL Database’. Once he installs the shell programme, he doesn’t even need a user ID or password of a website and he can access data or deface the website,” he said.
He added that most government webpages have vulnerabilities in sidebars or in ‘header’ or ‘footers’.
“A tiny mistake by an operator of the government site can open doors for hackers — leading to a major attack. Most data entry operators working with governments don’t focus much on security,” he said.
