One of the 'The Hacker News' reader inform us today about porn content on some Indian Government websites. After analyzing such websites, we came across more than 30 sub domains belongs to 'entegramam.gov.in' . Where 'entegramam' means "My village" and all sub domains of this website are names of the different cities of Kerala state.
The websites are in Malayalam language and most of the sites are powered by Joomla and Drupal (older vulnerable versions) with discussion forums on them. On our further analyze we found that time stamp of the Porn articles posted on forum dated back to "2012/08/30 16:00".
That means, Government websites hosting Child Porn content from last four months and authorities or the moderators of the website are not aware about the issue. On a simple Google search, one can found all such pages : site:gov.in "nude" for further reports and analyzing.
Google also giving notification "This site may be compromised" for few websites in same search, showing that some of these websites are also compromised by hackers.
What if Government websites itself serving Porn ? Child Porn is not legal in any country and shameful act. Child pornography in India is also illegal. In February 2009, the Parliament of India passed the Information Technology Bill," banning the creation and transmission of child pornography. The bill enables India's law enforcement agencies to take strict action against those seeking child pornography. For example, browsing for child pornography on the Internet can lead to a 5 year term of imprisonment and a 1 lakh fine".
These Forums are actually started by Kerala Government as a project to share information regarding "Education", "Health", "Agriculture", "Tourist", "Sports", "Science" and more. We found that threads on forums are active to current dates, there should be some moderators also who look for abused or illegal content, but in this case ,Government host and forget !
Government always give stats , why no reasons for Lack in Security ? Recently, Indian Computer Emergency Response Team ( Cert-In) proudly share report in media that over 14,000 websites have been hacked by cyber criminals till October this year. Even the actual number is 10 times they claimed, but the point is, why they never mention the reasons of lack in security ?
What if Government websites itself serving Porn ? Child Porn is not legal in any country and shameful act. Child pornography in India is also illegal. In February 2009, the Parliament of India passed the Information Technology Bill," banning the creation and transmission of child pornography. The bill enables India's law enforcement agencies to take strict action against those seeking child pornography. For example, browsing for child pornography on the Internet can lead to a 5 year term of imprisonment and a 1 lakh fine".
These Forums are actually started by Kerala Government as a project to share information regarding "Education", "Health", "Agriculture", "Tourist", "Sports", "Science" and more. We found that threads on forums are active to current dates, there should be some moderators also who look for abused or illegal content, but in this case ,Government host and forget !
Government always give stats , why no reasons for Lack in Security ? Recently, Indian Computer Emergency Response Team ( Cert-In) proudly share report in media that over 14,000 websites have been hacked by cyber criminals till October this year. Even the actual number is 10 times they claimed, but the point is, why they never mention the reasons of lack in security ?
Running responsible Government websites without monitoring or moderators is not a good security practice at all. We Request authorities , if you host something - please moderate them.