Indian Internet users alerted against suspect digital signs
New Delhi: Cyber security sleuths have alerted Internet users in the country against phishing attacks from suspect digital signatures which got "unauthorisedly" issued through the state-owned National Informatics Centre (NIC).
The digital signatures also known as Secure Sockets Layer (SSL) is the electronic equivalent of a bonafide signature of an individual, organisation or an entity which is used to conduct secure business and transactions over the Internet.
The NIC`s Certifying Authority (NIC-CA) is the premier government authority for issuing digital signatures or SSLs to genuine users in the country.
The latest "high" category alert has been issued by the Computer Emergency Response Team-India (CERT-In) which is the nodal national agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
The agency has issued the alert at a time when the annual Income Tax Returns filing season is on and lakhs of taxpayers would be using Internet to file their tax statements.
"Certain SSL certificates have been unauthorisedly got issued through National Informatics Centre-CA (NIC-CA). These certificates could be exploited by remote attackers to spoof content, perform phishing attacks or perform man-in-the-middle attacks," the CERT-In said in its advisory to users.
A remote attacker, the agency said, could use these certificates (digital signatures) to spoof content, perform phishing attacks or man-in-the-middle attacks against web properties.
While phishing is an illegal attempt on the Internet to acquire sensitive personal information such as user name, password and credit card details by masquerading as a bonafide entity, a man-in-the-middle attack denotes an illegal eavesdropping and subsequent stealing of an user`s communication by the hacker or attacking virus.
The agency said all systems using various Windows operating systems from Microsoft have been affected due to malfunctioning.
"Microsoft is updating the Certificate Trust list for all supported releases of Microsoft Windows to remove untrusted certificates," the advisory said.
The government and NIC-CA confirmed the development.
"Due to security reasons NIC-CA is not issuing certificates as of now. All operations have been stopped for some time and are not expected to resume soon. DSC application forms will not be accepted till operations are resumed and further instructions will be issued thereafter. Inconvenience caused is regretted," a July 3 post on the official website of the NIC-CA (www.Nicca.Nic.In) said.
The government had yesterday said it was looking into the matter raised by tech giants Google and Microsoft which had complained that the NIC has issued unauthorised digital certificates.
As a counter-measure, the cyber security agency has asked Internet users to "apply appropriate updates as mentioned in Microsoft Security."
The I-T department has recently asked the taxpayers to be aware against any suspect mails using its name in an unauthorised manner.
A digital certificate contains certificate holder`s name, a serial number, expiration dates, a copy of certificate holder`s public key (used for encrypting messages and digital signatures) and digital signature of the CA so that a recipient can verify the certificate.
More from India
More from World
More from Sports
More from Entertaiment
- Indian Army conducts surgical strikes across LoC: Watch DGMO Lt Gen Ranbir Singh's PC
- Exclusive: This is what Kashmir's stone pelters have to say!
- Panel discussion on 'Most Favoured Nation' status India accorded to Pakistan in 1996
- Will India's SAARC summit boycott change Pak's attitude towards terrorism?
- Former bureaucrat BK Bansal commits suicide along with his son at Delhi residence
- SETBACK! Sedition case against 200 Congress workers for shouting 'Pakistan Zindabad' slogans during rally for Uri martyrs
- What is surgical strike and how it is conducted - MUST KNOW for every Indian
- US NSA Susan Rice calls Ajit Doval, says 'expect Pakistan to take action against terror’
- Did Arvind Kejriwal tweet in favour of Pakistan over Uri attacks? Here is what Twitter says
- WATCH: At 430/9, India needed 24 runs to avoid follow on. What Kapil Dev did next will blow your mind!