How an Indian college graduate hacked ICSE, ISC results website

The way Debarghya Das writes it, he hacked into the Indian education system for a lark. Two of his close friends were waiting for their ICSE and ICS results. The nervous students asked Das, a Cornell University graduate, to do them a favour – would he mind hacking into the board result website so that they could know their results a day earlier?

Several hours later, Das was finished. In front of him he had the results of an entire year’s worth of ICSE and ICS results. Over 2,00,000 Indian students’ results, names, schools and dates of birth were revealed to him. Without any fancy programming or a highly trained team, a college graduate (albeit one who is now interning at Google) with just a URL, was able to compromise the behemoth that is our educational system.

Das seemed confused about how easy it was. “I had all the ISC and ICSE results on my very own computer, in a bunch of comma-separated value files,” he writes. “It was truly incredible. It was 26 megabytes of pure, magnificent data. An Excel file I couldn't scroll to the bottom of. Just for kicks, I Ctrl+F'd a few names I knew and what do you know? There they were. Line after line of names, subjects and numbers. It was truly mesmerising.”

Representational image. AFP

Representational image. AFP

This is a story straight out of hyphenated Hollywood, but instead of romantic-comedy-drama, it’s a thriller-horror-documentary.

There’ve never been many positive things to say about the Indian educational system. It’s a life or death matter, quite literally at times.

But now, as the system attempts to lurch forward into the future with results being posted online, such ‘progress’ has only succeeded in opening a new can of worms.

Today, thousands of students who were attempting to register for Delhi University's new four-year course were stuck for hours because of a technical glitch. Previous problems with the online system have been comparatively minor - what’s a technical glitch at Pune University when compared to the virtual trapdoor that Das slipped through? It’s every tense student’s dream, but it should be our collective nightmare. The leap of faith we undertake as a society when we entrust a generation’s future with a rickety, outdated educational system has just been confirmed – if we needed it – as a suicide mission.

India’s cyber security is notoriously weak. For a long time, this has been credited to a lack of cyber expertise. We just don’t have enough trained personnel to man the various forays made by the country’s institutions into the online world. Calls for advancement and digitalisation are all well and good, but without the required infrastructure, it’s a fool’s errand.

Das’s account released today, the same day that China retaliated to US’s claims of high-tech hacking originating from Chinese soil, claiming that they have “mountains of data” to prove that US hacking has been aimed at China. If there’s any ground to India’s claims of being a world player, it’s the runt of the playground. It can’t even keep a tight lid on high school exam results.

There are steps being taken. Just a week ago, the PMO sanctioned Rs1,000 crore to combat cyber-attacks. The plan will include the setting up of new agencies and coordination cells to improve responses to threats. Besides this, a cyber security policy was announced last month and approved by the Cabinet Committee on Security.

But policies and agencies, committees and four-year plans are notoriously shaky endeavours in our country. The cyber security situation needs an immediate redressal in the form of large-scale recruitment of trained individuals. We’re already online, and so are our board exam results, the supposed foundations of our futures.

Guess what? Our future’s been hacked.

Published Date: Jun 06, 2013 05:28 pm | Updated Date: Jun 06, 2013 05:33 pm

Also See