Pune, June 19: Ethical hacker Harold D’Costa breaks into a government website and intimates them immediately so they can secure the systems
Guess how long it took ethical hacker Harold D’Costa to hack into the website of the Maharashtra Motor Vehicles Department? Just a minute. D’Costa, who is the director of Intelligent Quotient System, a city-based cyber security firm, demonstrated to MiD DAY how simply and quickly www.mahatranscom.in can be hacked.
According to D’Costa, websites written on SQL platform with open-ended codes can be easily hacked into with an SQL injection. Sitting comfortably in his own office on Wednesday, he first logged into the Maharashtra Motor Vehicles department website with an SQL Injection code. He then showed how several changes can be made to the website and saved it for other visitors to read. For example, one could easily change notices posted on the site or tamper with the rules and regulations for vehicle owners and taxation laws.
Training cops
Over the last one year, D’Costa has trained 1,600 policemen in the state to detect cyber crime. In fact, he says he even brought the matter to the attention of Additional Commissioner S V Thakur on June 1. Thakur explained to D’Costa that due to the unavailability of IT experts, he could not address the issue right way and would get back to him in 10 days.
D’Costa alleges that Thakur didn’t do so. Thakur said, “Yes, D’Costa had informed me that the site is vulnerable and needs to be secured. However, he was the one who was supposed to meet me and discuss the issue.” On Thakur’s suggestion, MiD DAY got in touch with Prasad Mahajan, deputy commissioner, who looks after IT-related work for the Motor Vehicles Department. Mahajan said, “We will make our website secure.”
D’Costa also brought this issue to the notice of DCP Rajendra Dahale who heads the cyber cell in Pune. Dahale said, “In a week’s time, we will write to the department and ask them to secure their website.”
Courtesy: Mid-Day