Kollam: A serious security breach has been reportedly detected in the computer network of the Secretariat in Kerala. Curiously, the government has buried the probe report of agencies which carried out a security audit in an apparent attempt not to part with details that could help hackers.
The SecWAN, the computer network linking the various departments in the Secretariat, is suspected to have been infiltrated even by foreign hackers. The presence of malicious software, including remote control software, was reportedly detected in some computers. This has even affected the functioning of the e-office software, which is used for transferring files.
The probe report was submitted by an expert agency, deployed the government.
However, the state government is not ready to make this report public over claims that it would affect the internal security of the Secretariat. In reply to a Right to Information (RTI) query, the IT department has made it clear that the details and recommendations in the report are highly confidential.
The government decided to carry out a study after noticing that the e-office system has been crashing during the month of March in recent years. As per an order (number GO (Rt)No.73/2019/ITD) dated April 11, 2019, the government entrusted a private company in Thiruvananthapuram to carry out a security audit and study about the issues, including infiltration. This institution is recognised by the Indian Computer Emergency Response Team (CERT-In), which falls under the Union Ministry of Electronics and Information Technology.
The Centre for Development of Advanced Computing (C-DAC), a central government agency, was also entrusted to carry out a complete audit (360-degree audit) on the network system, database of the e-office/application servers, network links and network gateway, as per the order (number GO (Rt)No.115/2019/ITD) dated June 6 of the same year.
Both the agencies carried out the study over several months, before submitting their reports to the IT department.
Justifying its move to not to release the reports, the IT department said that if the details are revealed, then the hackers can easily infiltrate the network. The private agency had reportedly detected loopholes in the computer network that can be used to leak information.
The reports also reportedly included references to suspected payloads set up by remote control software in the computers of certain key seats in the Secretariat.
However, there was allegedly a move to make it appear that there was no security breach but just malfunctioning of the software.