University and college websites are more prone to hacking than other sites

University and college websites are more prone to hacking than other sites. A quick search using a query on Google revealed several university websites having been hacked and some left unattended for years.

Some of these websites are from IIT-K, UoH, Engineering College in Hyderabad and BE.d College of Kamareddy. A fortnight ago, the IIIT-H research website was defaced by hackers.French security expert Robert Baptiste on Tues-day ran a query using the string “ac.in” which exposed several websites which have been defaced by hackers. “Yesterday, someone defaced the website of an Indian university with a HBD message. Unfortunately, this is som-ething very common in India. Some of these websites were hacked three years ago”, he pointed.

Universities and colleges in India use ac.in, edu.in, res.in as domain names. When this newspaper ran the query provided by Robert on edu.in and res.in, several hacked pages were displayed.University and college websites are often kept open and not maintained properly. The software used by colleges is not updated regularly. Consequently hackers find them easy targets. “It happens very often with colleges and universities. By nature colleges and universities are very open when it comes to research and collaborations. They tend to put out everything in the open. Almost all universities have IT teams which maintain an inventory of servers, especially the ones which are public facing. It becomes difficult to keep track of servers that are on public domains and check if they are using the right version of software”, said Ramesh Loganathan said who heads the Co-Innovation Practice at IIIT-Hyderabad. Generally big universities have an internal network and have explicit processes to get onto the internet.

A Cyber security expert said “Hackers are aware of the vulnerabilities and are always waiting to find an entry point to deface website. Students don’t tend to update their projects with latest patches. They continue working on it because they are students and not cyber security experts. Some of these are merely static pages which can be taken down. More-over, in small colleges, the websites are sometimes developed by students themselves and lack proper audits by the IT team.”

Experts opine that student project servers shouldn’t be connected to the internet so  easily, while institutions continue to audit all their servers regularly.  “If we clamp down it will hurt the spirit of collaboration. In IIIT-H we have an inventory of servers which are public facing. We do an audit of the servers regularly,” Mr Loganathan said.