banner-47
 
Why Websites Crash

‘Digital India’ in Crisis

Raman Swamy

The government is in denial mode. Government websites were not hacked, they insist. It was just a hardware malfunction. Either way, the message is clear—India is not ready yet to plunge headlong into the Digital Age.

The fact is that even the most secure online properties of the Government are not safe and secure. If the websites of the Ministries of Home and Defence can crash in an instant, who can guarantee that commercial banks and data vaults will be immune to systems failures or cyber attacks? It proves only one thing—the country's entire population should not be frog-marched into a cashless economy or be forced to surrender their private and personal data.

It really does not make a difference whether the government sites were breached with hostile intent or were crippled by a technical glitch. What matters is the core concern—that even the most carefully guarded official data sites can come crashing down.

Websites are like the "skin" of the entire system, according to cyber experts, the possibility of sensitive data being leaked cannot be ruled out. Nobody denies that data protection in India remains a grey area. According to security software giant Symantec, India ranks third in the list of countries where the highest number of cyber threats were detected in 2017, and second in terms of targeted attacks.

The irony is that even Gulshan Rai, India's cyber security chief, candidly admits that frauds in ATMs and credit cards are rampant. He, personally avoids net banking transactions because, as he himself openly says, "I understand the issues involved".

Regarding the crash of the ministry websites, post-mortem reports and investigations by cyber sleuths will undoubtedly come up with explanations about what happened, how it happened, why the system failed and who is responsible.

But all that can wait. The common man has only one set of simple questions : Why is digitalisation being thrust upon the nation in such an authoritarian fashion? Why is the Modi government hell-bent on taking one billion citizens virtually by the scruff of the neck and shoving them into the electronic era with such unseemly haste?

The nation is entitled to ask in a plaintive voice—Why—are you so ruthlessly imposing enforced e-transactions, obligatory Aadhaar, mandatory electronic voting and compulsory GST filing?

Especially when one knows full well that i) the bulk of the population is not computer savvy; ii) state-of-the-art cyber security systems are repeatedly breached; iii) even the most advanced nations of the world are vulnerable to hacking attacks; iv) the entire Internet is awash with malicious bugs and viruses; v) data pirates are prowling the cyber highways with gay abandon; vi) foreign powers with sophisticated surveillance devices are watching your every move; vii) multinational corporations are stealing and selling private data as part of their business model.

Why? What is your intention? What's your game?

It is of course pointless to ask such questions and indeed naive to expect any rational answers. It is, however, educative to take a closer look at what happened on the day that three, or maybe more, websites of important central ministries crashed.

The frightening truth is that nobody really knows hacking of government websites is too complicated for even top bureaucrats to understand, let alone explain to the lay public. The senior-most IAS officers of the 1977 batch just smile and pass on all queues to their junior colleagues, preferably the post-2007 batch younger generation who are supposedly more tech-savvy. But they too shake their heads in tongue-tied embarrassment and point to the raw recruits of the 2016-17 batch.

Eventually, they do manage to issue a statement in standard bureaucratic language: "The system encountered a technical error. All efforts were made to identify the problem and restore the affected websites at the earliest".

Question: Can you confirm that the websites were hacked?

Answer: No hacking has taken place. It is a hardware-malfunction. This has caused the sites to go offline temporarily. Action has been initiated to rectify the error. Needless to say, every possible step required to prevent any such eventuality in the future—will be taken.

If top bureaucrats do not know what has gone wrong, then how can anyone expect the Ministers to be better informed? After all, they are mere politicians and public servants. That is why Defence Minister Nirmala Sitharaman caused some red faces in officialdom when she impulsively tweeted: "Action is initiated after the hacking of MoD website [http://mod.nic.in]. The website shall be restored shortly".

She had unwittingly admitted that it was a case of hacking—not just a technical glitch.

That apart, anyone logging onto the Ministry's website could have seen a prominent icon in Chinese script. Along with it was an Error Message that read: "This website has encountered an unexpected error. Please try again later".

Under that was some technical jargon that only computer geeks can comprehend: "PDO Exception. System error: 113. Lost connection to MySQL server at reading initial communication packet".

Requested to decode this in layman's language, some software engineers provided the following explanations and definitions:
i)    PDO Exception take place when the software that helps to merge databases into a singular package, gets jammed.
ii)   System error 113 simply means there is "no route to the server".
iii)  When a bug interferes with the software, it blocks access to the databases and connection with the server is lost.

Even after obtaining such dazzlingly clear clarifications, certain basic issues continue to puzzle ordinary citizens.
The first and biggest question is—if it is so easy for some third party to block access to the databases of even highly protected government websites, then is anything in the digital world safe from interference?

Flowing from this is another question: The Defence Ministry website displayed a Chinese symbol or message—does this not mean that the site was not only blocked but also broken into and extraneous content was loaded on to the Home Page?

The obvious corollary query is—Is this not hacking? If not, please inform the people of the country what the definition of hacking is; and, more importantly: How was it possible for some third party—whether foreign or domestic, whether with hostile intentions or just for fun—how was it so easy for an outsider to enter, block and deface the site with unwanted content?

The next question is both pertinent and sinister—Is the Government certain that the sites were only blocked and rendered inaccessible for a few hours? Could not the hackers also taken out data from the Ministry's databases?

The much scarier question that would follow is—What about top secret data inside the Defence Ministry, the Home Ministry, the Intelligence Agencies, the Financial Institutions of the country? Are they also vulnerable to third party intrusion and data theft?

raman.swamy@gmail.com

Frontier
Vol. 50, No.43, Apr 29 - May 05, 2018