CERT-In website was down for 3 hours says report; Director General denies the claim

According to experts, the CERT-In website was down due to a distributed denial of service or DDoS attack.


Update: We had reached out to Sanjay Bahl, director general of CERT-In and we have updated the copy with his quotes

The Computer Emergency Response Team (CERT-In) is part of the Department of Electronics and IT and it is responsible for monitoring India's cyberspace from external hacker attacks. CERT-In's website was down for close to three hours on 14 March.

Experts who spoke to BusinessLine said that the CERT-In website was down due to a distributed denial of service or DDoS attack. This is the most common method used by hackers to bring a site down by bombarding it with multiple requests sent from hundreds of thousands of compromised computers from across the world.

It is a bit ironic that the entity which is tasked with the responsibility of responding to computer security related issues as they happen, was the one that was attacked by hackers. CERT-In is also tasked with the responsibility of collection, analysis and dissemination of information related to cyber attacks. It routinely comes out with guidelines, vulnerability reports, whitepapers to help individuals and organisations be prepared to counter attacks as well as mechanisms to report incidents in case of a cyber attack.

The CERT-In website could only come online intermittently, and it is not known if only the website was down or if the CERT-In data was compromised in any way.

According to the director general of CERT-In, Sanjay Bahl, there was no attack on the website. "I have the logs which do not show any instance of an attack by a hacker. We do not know why anyone would claim otherwise."

Bahl said that CERT-In is always prepared to deal with any sort of attack. "DDoS attacks are complex attacks. So multiple measures have to be taken. Right from the perspective of tools, processes, different technologies, the right people and so on. All sorts of things have to be put in the right place to ensure attacks don't happen. We do all these things," said Bahl.

The CERT-In website has a whole section on Vulnerability Notes, which are demarcated by year and month, which highlights the vulnerabilities on various online platforms. It is a good repository of information informing readers of the severity of the vulnerability, software attacked and a solution of the same.

CERT-In has reported over 50,000 cases of cyber security compromises in 2016, which is higher than 44,679 in 2014 and 49,455 in 2015. Over 50,300 cyber security incidents like phishing, website intrusions and defacements, virus and denial of service attacks were observed in the country during 2016. "As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total number of 44,679, 49,455 and 50,362 cyber security incidents were observed during the year 2014, 2015 and 2016, respectively,” Minister of State for Electronics and IT P P Chaudhary said in a written reply to Lok Sabha.

More recently, the IT Ministry launched the Botnet Cleaning and Malware Analysis Centre to provide free anti-viruses to computers and mobile phones. CERT-In will collect data of infected systems and send it to ISPs and banks. These ISPs and banks will identify the user and provide them the link of the centre, launched in name of Cyber Swachhta Kendra. The user will be able to download anti-virus or anti-malware tools to disinfect their devices. As of now 58 ISPs and 13 banks have come on board to use this system.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.