The Hacker News
An 'ethical' hacker demonstrates how one can break into the civic corporation's e-governance site and I P Gautam's official domain to access confidential info.

The state government's websites are under threat of being hacked. A BCA student, who calls himself an 'ethical' hacker, demonstrated how it was possible to hack into the e-governance site of the Ahmedabad Municipal Corporation and civic chief I P Gautam's official domain.

Falgun Rathod showed on his home PC how these websites are vulnerable to misuse, poking the bubble of the state government that prides itself in winning three National e-Governance Awards recently.

Rathod also demonstrated how one can access the balance sheet of all nagarpalikas in the state that use the double entry accounting system. He pointed out that one can easily update any file on the website or change the face of the websites by using defacer websites.

While checking the AMC
website, the 20-year-old student came across the 'Administration log-in' page. Out of curiosity, he explored a bit more into it and tried to implement authentication bypass (input validation attack). He put a string, which is a unique code in computer language, in the login form, that has user name and password. The moment theaccount opened he realised that he had hacked into Municipal Commissioner I P Gautam's ID which said, 'Welcome I P Gautam'.

This was a shock for Rathod who realised how confidential information that is meant only for administrative work and staff can be used for illegal or malafide purposes.

He found that information like updates on the projects, tenders, sending mobile messages to the AMC employees was possible through the ID.

"If a hacker wishes to spread false information among the employees using the municipal commissioner's domain ID, it is very much possible," Rathod told Mirror.

Rathod decided to alert the AMC about this loophole in their system. Rathod and this Mirror reporter contacted I P Gautam, who in turn directed them to deputy municipal commissioner Dilip Mahajan who looks after the Information Technology department.

Mahajan appreciated Rathod's proactiveness in bringing the issue to the civic corporation's notice.

"We will look into the issue closely. If laxity is found in the security system we will try to secure it at the highest level and solve it at the earliest," Mahajan said.

The DyMC said it was the AMC that had implemented the mail service to its employees for the first time in India in 2002. The service is available for the internal use of employees.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.