Months after TechCrunch initially brought attention to the problem, fraudulent links are still there on some Indian government websites.
Users are redirected to websites that promote online betting and investment frauds by more than 90 “gov.in” website connections connected to several state councils and Indian government departments, such as the Indian Council of Agricultural Research and India Post.
Fraudulent Links on Indian Government Websites
Because search engines like Google index these scam links, people are more likely to come across false content when exploring the internet.
About four dozen connections on government websites were hacked and redirected to online gambling sites, according to a May TechCrunch article.
Although the issue was escalated at the time by India’s Computer Emergency Response Team (CERT-In), it is still unknown whether the underlying source of the problem was resolved.
Recent social media posts, such as those made by Menlo Ventures’ Deedy Das, suggest the issue is still present and might even be more pervasive.
Flaws in Server Setups or CMS of Websites
According to security expert Bob Diachenko, the problem could be caused by flaws in the server setups or content management systems (CMS) of the websites.
Diachenko cautioned that attackers may recreate the problem if the malicious content is eliminated alone without fixing the underlying flaws.
According to Diachenko, addressing the underlying reason is not a very difficult undertaking, but it does involve effort and downtime.
He said, “If only the symptoms (e.g., malicious content) are removed without addressing the root cause (e.g., vulnerability or backdoor), attackers can reintroduce the issue. It is not a very challenging exercise but requires some downtime and efforts.”
TechCrunch alerted CERT-In to the compromised URLs earlier this week, but the organisation did not reply.
Around the time TechCrunch was published, the impacted links started to display a “page not found” message, indicating that temporary measures were implemented.
The Information Security Awareness (ISEA) division of MeitY issued a warning in 2023, advising citizens to be cautious of falling victim to fraudulent e-challan schemes. This cautionary measure has been implemented in response to the increasing incidence of cybercrimes in various regions of the country.
