Security Flaws Expose Indian Educational Websites to Cyber Attacks
A recent cybersecurity incident has highlighted significant vulnerabilities in the Indian Education and Research Network (ERNET), leaving numerous educational institutions at risk.
The Incident Overview
On Wednesday evening, unauthorized individuals claiming to be from Pakistan managed to hijack several educational websites, including that of the Indian Institute of Technology Bombay (IIT-B). The incident did not amount to a complete hack of the websites, but it did disrupt normal access to them.
According to Abhijit Tomar, who oversees IIT-B's webpage Insight, the ERNET domain containing these educational sites was compromised, and visitors were directed to a malicious page carrying the message 'Hacked by Hunter Jutt 23rd March Pakistan Day'. Despite this, the main websites themselves remained unaltered, and no internal data was compromised.
Technical Details of the Attack
The root cause of the issue was traced to ERNET, the registrar of the domain, which was found to have stored passwords in plaintext and sent them in plaintext emails. This vulnerability allowed the hackers to manipulate the DNS records, redirecting users to their malicious page without compromising the actual server.
Cybertech4surce reported that Pritam Baral, a senior at IIT-B, found that ERNET seemingly stored passwords in plaintext and sent them in plaintext emails. This indicates a serious flaw in the security protocols of ERNET. The nature of the access the hackers obtained is still under investigation by ERNET itself.
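The flaw described above, turned into its corrected form as an added example (not code from ERNET or from the original article): the account store keeps only a salted scrypt digest, and the email carries a short-lived, single-use reset token instead of the password. All function names, the account dictionary layout and the parameter values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed parameters for this sketch; tune the cost to your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
RESET_TTL = 15 * 60  # seconds a reset token stays valid

def hash_password(password):
    """Return the only thing the account store keeps: salt + scrypt digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "digest": digest}

def verify_password(record, password):
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(candidate, record["digest"])

def issue_reset_token(account, now=None):
    """Create the value that goes in the email: a random token, never the password."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a hash, so a leaked database row cannot be replayed as a token.
    account["reset"] = {"hash": hashlib.sha256(token.encode()).digest(),
                        "expires": now + RESET_TTL}
    return token

def redeem_reset_token(account, token, new_password, now=None):
    """Accept the token once, before expiry, then replace the stored digest."""
    now = time.time() if now is None else now
    pending = account.get("reset")
    if pending is None:
        return False
    if now > pending["expires"]:
        del account["reset"]      # expired tokens are discarded
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, pending["hash"]):
        return False
    del account["reset"]          # single use
    account["password"] = hash_password(new_password)
    return True
```

With this layout, neither a database dump nor an intercepted email yields a credential that still works for changing DNS records after the token has been used or has expired.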
Tomar explained, 'It is possible that they found a general loophole in the website which until now they have only exploited for IIT-B. They likely targeted the IIT-B website due to the use of a cheap server that cannot handle heavy internet traffic.' This underscores the vulnerability of educational sites that rely on inexpensive hosting services.
Impact and Investigation
While the impact on IIT-B was significant, the exact extent of the attack remains unclear. It is estimated that it will take a couple of days for ERNET to reset the domain and restore normal access, assuming that all websites using the .ernet domain will be affected.
Education and Research Network (ERNET) has now taken steps to strengthen its security measures. Key actions being considered include enhancing the security protocols to prevent similar incidents in the future. Flaws in password management and email security practices will be the primary focus of the investigations.
Conclusion
The incident serves as a critical reminder of the ongoing challenges in cybersecurity for educational institutions. It highlights the importance of robust security protocols and regular audits of security measures.
As ERNET and other educational institutions work to secure their online platforms, it is essential to create awareness and implement robust measures to prevent similar incidents in the future.