Hyderabad: The GHMC website is insecure and one should not enter passwords or bank details on it, says a notification shown by various web browsers like Google Chrome, Mozilla Firefox and Internet Explorer. Cyber security experts often ask users to check whether a website's URL uses HTTPS (Hypertext Transfer Protocol Secure) encryption as a safety measure. However, the GHMC website does not use this, which means anyone may be able to see or change the information that you send or get through this site.
The warning is worth looking at because, in a worst-case scenario, a man-in-the-middle attack can be carried out on the system. In such an attack, a hacker could pose as the destination site and trick you into handing over your credentials, credit card or debit card information and other sensitive information. HTTP is used for viewing web pages by transferring data from a web server to a browser. The problem is that the data is not encrypted, which means it can be intercepted by third parties, like hackers, to collect data being passed between systems. This issue can be easily addressed by using the secure version, called HTTPS.
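As an added illustration, not part of the original report: a simplified check, in the spirit of the browser notice, that flags forms asking for passwords or card details on a page that is not served over HTTPS or that submits to an HTTP address. The function and class names, the sample HTML and the example.test addresses are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScanner(HTMLParser):
    """Collects each <form> with the names of its sensitive inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._form = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""), "fields": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            # Password boxes and card fields (autocomplete="cc-...") are sensitive.
            if (a.get("type", "").lower() == "password"
                    or a.get("autocomplete", "").lower().startswith("cc-")):
                self._form["fields"].append(a.get("name", "?"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_page(page_url, html):
    """Return (issue, submit_url, fields) for forms that expose secrets to HTTP."""
    scanner = FormScanner()
    scanner.feed(html)
    page_is_https = urlparse(page_url).scheme == "https"
    findings = []
    for form in scanner.forms:
        if not form["fields"]:
            continue  # e.g. a search box: nothing secret to intercept
        submit_url = urljoin(page_url, form["action"])  # relative action inherits scheme
        if not page_is_https:
            findings.append(("page-not-https", submit_url, form["fields"]))
        elif urlparse(submit_url).scheme != "https":
            findings.append(("submits-over-http", submit_url, form["fields"]))
    return findings

# Constructed sample page; example.test hosts are placeholders, not a real site.
SAMPLE_HTML = """
<form action="/search"><input type="text" name="q"></form>
<form action="/auth"><input type="text" name="user">
  <input type="password" name="pwd"></form>
<form action="http://pay.example.test/charge">
  <input name="card" autocomplete="cc-number"></form>
"""
```

Calling `audit_page("http://portal.example.test/login", SAMPLE_HTML)` reports both the login and the payment form, while the same page served over HTTPS leaves only the payment form that still posts to an HTTP address.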
Experts say that moving to HTTPS is free and simple. Ranjit Raj of Swecha Free Software Movement of India said, “It is never late to move from HTTP to HTTPS. But if this site is not using a secure connection it should be made secure without any delay. There are several free HTTPS certificates provided by Electronic Frontier Foundation like Let's Encrypt, which help to make it secure.” These can be used by agencies for free. There will not be any inconvenience to end users either, they added.
However, GHMC officials said that plans were already in place to make the website secure. The migration of the database was expected to take at least six months. Additional Commissioner of GHMC, Mohammed Musharraf Ali Faruqui, said, “Our database systems are secure. We had faced similar issues a couple of years ago, following which we increased our firewall security a year ago. So, even if the website is hacked, the systems are safe. Backend databases cannot be touched from the website.”
The Hyderabad Metropolitan Development Authority's website has been hacked thrice in the last two months because of which LRS, building and layout permissions were rejected in the past six months. Consequently, they moved it to a more secure state data center. Likewise, the GHMC property tax website was hacked in April.
The GHMC IT department has about 40 modules which cater to the needs of the citizens. These modules are being redesigned, which will take at least three months to complete. Only 30 per cent of the modules are in the state data center, while the remaining modules are at the central data center. “Some modules have been shifted to state data center. We are planning to shift all the modules to state data center, as and when we are designing new modules we are shifting it which would take at least six months,” Faruqui added.