Indian Passport website hacked by Amateur – Makes money by blocking Tatkal Appointments
Many of our government websites are open to attack – so open that even an amateur can gain easy access to them.
Imagine: a small-time data entry operator was able to get through the firewalls and gain access to NIC servers. Not only that, he managed to remain hidden for over 4 months without anyone knowing about the whole thing.
It only came to light when Hyderabad police busted a gang of seven persons who were charging a hefty fee for getting confirmed appointments for submitting passport applications under the Tatkal scheme.
Here is the story – this Hyderabad-based DTP operator used to work at an agency, filling in client forms online. During the course of his work, he found bugs in the Passport website that let him access the NIC server, and he succeeded in submitting passport applications with confirmed dates under the Tatkal scheme even though the dates were yet to be officially released by the passport authorities!
With all the appointments gone, the general public was never able to get appointments under the Tatkal Passport scheme. The hacker (if you can call him one) then tied up with all the travel agents and sold each of these appointments to the general public for 3000 to 5000 rupees.
Surprisingly, during these 4 months, the website administrators fixed some of the bugs, but those fixes were circumvented as well.
This seriously goes to show the lax state of security on government-run websites. Luckily, this was a small-time guy trying to make some quick moolah. It could very well have been a case of the passport applicants' database being compromised. Imagine what would have happened with that kind of information in the wrong hands.
I think it is high time NIC pulls up their socks and ensures air-tight security on these websites!