India plans tougher security measures for 300k govt officials

The Centre is planning tougher security measures including mandating multi-factor authentication for an estimated 300,000 government officials in the wake of multiple cyberattack attempts through compromised government domain email addresses, according to officials aware of the development.

This comes in the backdrop of a slew of cybersecurity attacks on government domains over the past few months. HT in February reported about phishing emails using compromised government accounts to target groups of officials.

"We are planning two-factor authentication on a war footing for all 3 lakh estimated govt IDs across our network to ensure security is not compromised in the event of any cyberattack. End-user awareness is also very important to thwart malware attacks," a senior official said.

Two-factor authentication refers to an electronic user authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence, mostly including phone numbers that receive a verification code for logging in.

At least two more phishing attacks using compromised government @gov.in email addresses issued by the National Informatics Centre (NIC) were reported last week, HT has learnt.

One of the phishing emails sent to several government officials last Wednesday appeared more sophisticated in nature; it was marked to several government officials with the picture of a woman attached with it and asked users to click on a link claiming it as her resume.

The other phishing email seemed rudimentary in comparison with the claim of a bitcoin prize, seeking users to click on a link to claim it. HT has reviewed the emails.

The attack prompted the government's IT departments to send out an alert.

The NIC on Friday issued another alert to government ministries regarding the malware in the link asking officials to delete the mails.

"The email contains a web-link and entices email users to click on the web-link. This is to mention that web-link is phishing in nature. When user clicks on the web-link, a phishing login page similar to that of www.email.gov.in will open… From the security point of view, before opening/responding to any email, all email users are requested to check sender, other receivers, subject & relevance of the such emails," the alert said.

Altogether, HT is aware of six NIC domain addresses – five with @gov.in suffixes and the sixth with @nic.in – that have been used to launch cyberattacks.

"All compromised emails were blocked immediately. There was also no compromise or loss of data reported," the official said. The government suspects several compromised government domain email addresses may have been sold by hackers on the dark web. The dark web is a part of the internet that isn't indexed by search engines such as Google.

The NIC runs the official email service for the government, handing out addresses with the two domain names. Employees and officers under the Union and state governments as well as those in state-owned companies are eligible for accounts.

The process to obtain one follows a multilayer verification system that requires approvals by designated NIC authorities attached with the ministries these employees work for or come under.

On February 25, HT reported about new phishing emails using compromised government accounts to target groups of officials, attempting to lure them into sharing their passwords on a page that mirrored the government's official mail server sign-on website.

The incident leverage compromised @gov.in or @nic.in email addresses issued by the NIC, which may be more successful in luring the targets into sharing sensitive information.

On February 21, HT reported the devices of multiple former defence personnel may have been compromised in a phishing attack launched through similar attacks carried out by government domain email addresses.