LUCKNOW: How much time does it take to forge a graduation result? It may sound incredible but a hacker can do it in a few seconds.
Sharing an exclusive video with TOI, Kanpur-based hacktivist Rahul Singh showed how results of around 170 colleges affiliated to the Chhatrapati Shahu Ji Maharaj University (CSJMU), Kanpur, can be altered on its website in no time.
Rahul has had full access to the university’s database for the past two years. In fact, in 2013, he detected major bugs in the university’s system and even informed its officials, but nothing was done to fix them.
Rahul, a self-styled ethical hacker, claimed that when he again informed university officials about the bugs on Wednesday, they were taken aback and later acknowledged that they had received an e-mail from him in 2013.
“I managed to find a bug in their system in early 2013. I prepared a case file and informed the university officials of the serious fallouts in their system. I thought they managed to secure the system. But while checking the systems again last week, I found that nothing was done even after my detailed report. So I thought the public should know how a scam could be in the making if such sensitive data becomes accessible to any anti-social element,” Rahul said. TOI has a copy of the e-mail with the report.
CSJMU officials, however, denied having any information about a data compromise. “The website is opening normally. We have not received any intimation about any bugs in our system,” said the university’s system manager SK Dwivedi. He expressed shock when told that the ethical hacker could change the database and alter the results of thousands of students studying in the university.
CSJMU vice-chancellor JV Vaishampayan said he was unaware of any security lapse but promised to look into it. “I don’t have prior information but we will take corrective measures. This is an alarm bell for us and we will surely do everything to protect the sensitive information stored in our servers,” he said.
Rahul’s video shows how within seconds the results of any student of the university could be altered permanently. He said CSJMU’s system security was heavily flawed and not ready for storing any sensitive information. “They used plain text passwords to protect the massive data. Besides, the data was on a public IP. Just imagine if this was cracked by some anti-social element. It would impact the future of scores of students,” Rahul said. “I think before you start saving sensitive information on the servers, the system security should be one of the top priorities. But many web administrators skip this vital factor and thus cases of hacking and information compromise happen,” he added.
Rahul, along with two friends, Devjeet Singh and Akash Shukla, is part of the hall of fame of Microsoft, Adobe, Yahoo! and other top companies for finding security bugs. “We have helped Microsoft, Yahoo!, Adobe, Nokia and other companies to find security bugs and received monetary awards for the same,” he shared.