BSNL, ISRO cases show India not a country for ethical hackers - <b>Technical Lobby</b>

Tuesday, March 13, 2018

BSNL, ISRO cases show India not a country for ethical hackers

BENGALURU: Indian ethical hackers are reaching out to Baptiste Robert, a French cyber researcher, to alert firms of flaws in their online assets as they fear local laws in the country does not give them protection for calling out such vulnerabilities.
BSNL, ISRO cases show India not a country for ethical hackers

Organisations such as Bharat Sanchar Nigam (BSNL), the India Post and Indian Space Research Organisation (Isro) have fixed those flaws after Baptiste Robert flagged the chinks in their online assets.

Ironically, Indian online security researchers had alerted these organisations several months ago about the gaps exposing sensitive data online.

In Isro’s case, it was to one of the computers in its satellite-tracking unit, while in BSNL’s case, it was employee data from its intranet and at India Post, it was employee bank details. These organisations acted on Robert’s tweets that pointed to the flaws but had remained unattended when local researchers had flagged them.

“In most cases Indian organisations ignore our mails. Sometimes they quietly patch the flaw that is reported without any acknowledgement,” said Sai Krishna Kothapalli, a security researcher who reported flaws in BSNL’s intranet system that allowed access to official records of close to 47,000 staff 25 months ago.

Currently, India lacks laws that protect researchers who expose security flaws. “The IT act makes it quite clear that anyone who gains unauthorised access to a computer resource is guilty or liable. The crime is defined in the context of unauthorised access,” said Rahul Matthan, Partner at Trilegal, and an attorney who specialises in Technology.

The mechanism of reporting security flaws has not evolved yet in India. “There are people in India who are ready to report but they fear reporting. There is also a possibility they could be tipping off Baptiste (Robert),” Kothapalli said.
Post a Comment