In yet another instance of growing cyberattacks on government infrastructure, hackers have compromised a number of websites, causing them to redirect to Indian Premier League (IPL)-related betting sites.
The hacking campaign targeted specific web pages of the Indian Council of Agricultural Research (ICAR) and the Bengaluru Water Supply and Sewerage Board (BWSSB). When users clicked on these websites, they were automatically redirected to a website called ipln8.com. These compromised websites can still be found indexed when searched on Google.
Hyderabad-based cybersecurity researcher Sai Krishna Kothapalli discovered this issue and notified the Indian Computer Emergency Response Team.
Moneycontrol's attempts to reach out to ICAR or BWSSB, with specific links to such compromised websites, did not evoke any response. The links that were sent to the government bodies as examples of compromise have since been quietly disabled.
While all compromised BWSSB-related websites seemed to have been removed, a few compromised ICAR websites were still operational as of 1:15 pm on May 24.
While explaining the issue, Kothapalli said, "I was searching on Google for a different vulnerability when I happened to notice that a website with .gov.in domain was throwing text that was completely unrelated to the website. So, when I clicked the link, it redirected me to a betting site."
"I wanted to figure out why this was happening. So I checked its HTML code, but there was nothing suspicious about it. However, it is only when you click the link from Google search that a special JavaScript is executed, which redirects to the gambling website," he explained.
"And this clearly shows somebody else has access to the server, because otherwise writing this kind of logic wouldn't be possible," he added.
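The behaviour described above, a redirect that fires only for visitors arriving from a search engine, can be triaged by a site owner with a static check over a saved copy of the page. The following is an added example, not code from the researcher or the affected sites. It assumes the injected script is inline and reads `document.referrer` in the browser; the function names and the sample pages and hosts are constructed for illustration.

```javascript
// Added example: static triage for referrer-gated redirects in a saved page.
// Assumption: the injected script checks document.referrer in the browser.
const REFERRER_READ = /document\s*\.\s*referrer/;
const SEARCH_ENGINE = /google|bing|yahoo|duckduckgo/i;
const NAVIGATION = /location(?:\.href)?\s*=[^=]|location\.(?:replace|assign)\s*\(/;

// Split a page into inline script bodies and external script URLs.
function extractScripts(html) {
  const inline = [], external = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    if (src) external.push(src[1]);
    else if (m[2].trim()) inline.push(m[2]);
  }
  return { inline, external };
}

// Flag a script only when all three signals co-occur; one alone (for example
// analytics reading the referrer) is normal. Obfuscated code will evade this.
function scoreScript(code) {
  const reasons = [];
  if (REFERRER_READ.test(code)) reasons.push("reads document.referrer");
  if (SEARCH_ENGINE.test(code)) reasons.push("names a search engine");
  if (NAVIGATION.test(code)) reasons.push("changes location");
  return { suspicious: reasons.length === 3, reasons };
}

// Report flagged inline scripts plus external scripts served from other hosts,
// which need a separate manual review because their bodies are not in the page.
function auditPage(html, pageHost) {
  const { inline, external } = extractScripts(html);
  const findings = inline.map(scoreScript).filter((r) => r.suspicious);
  const offHost = external.filter((u) => {
    try { return new URL(u, `https://${pageHost}/`).hostname !== pageHost; }
    catch { return true; } // unparseable URL: keep it for review
  });
  return { findings, offHost };
}

// Constructed sample pages; all hosts are placeholders.
const CLEAN = `<html><script src="https://cdn.example/lib.js"></script>
<script>var ref = document.referrer; sendStats(ref);</script></html>`;
const TAMPERED = `<html><script src="/js/site.js"></script>
<script>if (document.referrer.indexOf("google") !== -1) {
  window.location.href = "https://betting.example/";
}</script></html>`;
console.log(auditPage(CLEAN, "agency.example"), auditPage(TAMPERED, "agency.example"));
```

A clean result here does not rule out tampering: the same gating can be done on the server or in an external script, so comparing the live response against the deployed source remains necessary.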
The motivation behind the hack
Kothapalli explained that certain websites have a referral code incentive system, which works this way: A user of the website can send referral codes to onboard more people. If a new user registers on that website using that referral code, then the original user will receive some incentives.
"So most gambling websites have a very good referral percentage, like 40 per cent. So somebody is sending the traffic to the gambling website so that if anybody uses the site, they get some percentage of the money. So it's not like the gambling website did it, it's like somebody wants to use the referral percentage," Kothapalli explained.
Although this was a seemingly harmless hack, Kothapalli warns that if not mitigated, these attacks can escalate to steal sensitive user details from such websites.
"Right now these attacks are limited to smaller websites. But what if bigger government websites are targeted? People do not realise that by injecting such codes, you can not just redirect to gambling websites but also steal user IDs, passwords, usernames and so on," he warned.
