tech2 News StaffMay 06, 2016 08:00:45 IST
While earlier reports pointed out stating that the Indian Railway Catering and Tourism Corporation's (IRCTC) website was hacked, turns out, it was not. The IRCTC themselves have come out stating that their website was not hacked, but that some data in the name of IRCTC is in circulation.
CNN-News18 connected with IRCTC PRO Sandip Dutta, who commented on the issue, "Three days ago, IB cyber cell, Mumbai informed us that some data in the name of IRCTC is in circulation. We have set up a committee which is probing this."
Earlier reports even cited a source from the IRCTC stating how the stolen data could be used to create forged documents. Another source also claimed how the stolen data that contains, PAN card details and addresses of each and every customer could be sold to corporations to target customers. Indeed, the data is valuable, but for now users can be sure that the website was not hacked.
Dutta added that the Railways will be looking into the data as soon as the Cyber Cell gets a copy of the same. So for now, it has yet to determine whether the leaked data belonged to the IRCTC. As for the website, Dutta says that it is "absolutely fine". The IRCTC has also informed the Maharashtra Government and railways about the same.
Breach or no breach, this sort of an attack is highly probable and can have far-reaching effects. Speaking on the matter to Tech2, Sanchit Vir Gogia, Chief Analyst and CEO at Greyhound Research says, "Things like security breaches are already happening all year round. It's not something new. The sad part is that companies, be it public or private, are not prepared to handle anomalies like this and it's just a matter of what gets reported when. In case of IRCTC, there is a serious gap in planning that needs to be plugged. They cannot afford to get complacent about matters of security."
"IRCTC keeps talking about improving experience, but there is hardly any mention of the security aspect of the website. Security attacks are ever-changing - it's a moving goal post. The only way to address it is regular auditing of product, people and processes. Companies cannot afford to let go once they have set up a website, new technology and defence systems need to be put in place regularly. This holds especially true for IRCTC where the scale of impact is so huge," shares Gogia.
Sharing the same sentiment, Sudeep Das, SE Manager - India and SAARC for RSA says, "New and increasingly sophisticated ways to perpetrate fraud are constantly being developed and deployed. This makes it extremely difficult to keep pace with the individual fraud attempts targeting an organisation's website. The hackers use business logic abuse mechanisms to hide within legitimate traffic but in a manner unintended by the site owner. Such sophisticated attacks often go unnoticed by either Web Application Firewalls or Log Analysis tools. It seems the same has happened in case of IRCTC hack."
Speaking about measures to counter such attacks, Das adds, "The traditional Web Application Firewall technologies needs to be augmented with Behavioral Intelligence to hunt these attacks in real time and respond to them quickly. Need of the hour is to detect quickly and respond even quicker before there is a major damage to business."
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.