Fragile security measures, design blamed

Hacking of govt websites

Faulty designs, along with fragile security measures, have made the government websites of the country an easy prey for hackers, warned experts.
In the last two years, several of the government websites were repeatedly hacked by local and foreign hackers. Though the sites were restored after a short while, experts fear that if web security is not strengthened, then the sites can be destroyed.
Several postings on the social media, including Facebook and Twitter, have reported an on-going cyber war between some hackers group of India and Bangladesh. The postings also confirmed that the hackers from both the countries have mostly targeted government websites.
In the last year, 10 Bangladeshi government official websites, including that of the ministries of education and of science and technology, were hacked by an Indian hacker known as ~SaHoo~. The reason mentioned for the attack is hacking against four Indian police websites by a Bangladeshi hacker known as 'ACID KHAN'.
At the beginning of this year, the Indian hacker group 'Yamraaj' has hacked and defaced the official website of Bangladeshi Prime Minister's Office dealing with the NGO Affairs Bureau (NGOAB) (www.ngoab.gov.bd) along with two other government sites of Bangladesh Handloom Board (www.bhb.gov.bd) and Bangladesh Council of Scientific and Industrial Research (www.bcsir.gov.bd).
In March 2013, Indian hackers 'Indishell' took down 38 Bangladeshi government websites, including those of the ministries of communications, youth and sports, and primary and mass education, and the Trading Corporation of Bangladesh.
On June 4, 2014, the official website of Bangladesh’s Cabinet Division was hacked by an Indian hacking group while the Cabinet secretaries of eight SAARC countries were in Dhaka to attend a two-day meeting.
The Independent spoke to a number of web designers and programmers. All of them opined that the government sites were being hacked due to their poor design and maintenance.
Julfiqar Ali Bhuiyan, an award-winning freelance web designer, told The Independent that the hackers chose the government websites because of their poor security.
“While designing a site for the purpose of e-commerce, web security is given the highest priority, as there are economic transactions involved. But government websites are mostly designed to disseminate information about the respective entities, so strong security is mostly ignored,” he said.  

Bhuiyan said the main problem with the country’s government websites is that all of them are under the same server. “So, if a firewall of one of these is breached, the rest become vulnerable as well,” he explained.
He opined that the government sites could be made safe through VPS hosting. Explaining VPS hosting, he said VPS is inherently more secure due to its separation from other sites.
“Also, you can create custom firewalls and install other security measures that most hosts will not allow on shared accounts. Basically, a VPS allows you to take a more active role in your website’s security,” he said.
Another programmer, however, said the sites do not need costly VPS hosting to beef up security. Just by downloading the newest versions and updates of Windows, WordPress, and antivirus platform, the applications or website can become hard to crack.
The programmer also said that instead of open access scripting language like PHP, designers should go for suPHP. With suPHP, access is limited to the user or to those explicitly granted permission, he explained.
Mahbub Jaman, former president of the Bangladesh Association of Software and Information Services (BASIS), said each government entity has dedicated personnel to maintain and update their respective websites. Unfortunately, one can find that the sites are neither updated at the front end (user view), nor in the backend (administration).
“By maintaining simple practices such as updating any of the server security patches, changing the password at the admin panel on a regular basis, and hiding the panel, could make the sites more strong,” he opined.

Fragile security measures, design blamed

Hacking of govt websites

Faulty designs, along with fragile security measures, have made the government websites of the country an easy prey for hackers, warned experts. In the last two years, several of the government websites were repeatedly hacked by local and foreign hackers. Though the sites were restored after a short while, experts fear that if web security is not strengthened, then the sites can be destroyed. Several postings on the social media, including Facebook and Twitter, have reported an on-going cyber war between some hackers group of India and Bangladesh. The postings also confirmed that the hackers from both the countries have mostly targeted government websites. In the last year, 10 Bangladeshi government official websites, including that of the ministries of education and of science and technology, were hacked by an Indian hacker known as ~SaHoo~. The reason mentioned for the attack is hacking against four Indian police websites by a Bangladeshi hacker known as ACID KHAN. At the beginning of this year, the Indian hacker group Yamraaj has hacked and defaced the official website of Bangladeshi Prime Ministers Office dealing with the NGO Affairs Bureau (NGOAB) (www.ngoab.gov.bd) along with two other government sites of Bangladesh Handloom Board (www.bhb.gov.bd) and Bangladesh Council of Scientific and Industrial Research (www.bcsir.gov.bd). In March 2013, Indian hackers Indishell took down 38 Bangladeshi government websites, including those of the ministries of communications, youth and sports, and primary and mass education, and the Trading Corporation of Bangladesh. On June 4, 2014, the official website of Bangladeshs Cabinet Division was hacked by an Indian hacking group while the Cabinet secretaries of eight SAARC countries were in Dhaka to attend a two-day meeting. The Independent spoke to a number of web designers and programmers. All of them opined that the government sites were being hacked due to their poor design and maintenance. Julfiqar Ali Bhuiyan, an award-winning freelance web designer, told The Independent that the hackers chose the government websites because of their poor security. While designing a site for the purpose of e-commerce, web security is given the highest priority, as there are economic transactions involved. But government websites are mostly designed to disseminate information about the respective entities, so strong security is mostly ignored, he said. Bhuiyan said the main problem with the countrys government websites is that all of them are under the same server. So, if a firewall of one of these is breached, the rest become vulnerable as well, he explained. He opined that the government sites could be made safe through VPS hosting. Explaining VPS hosting, he said VPS is inherently more secure due to its separation from other sites. Also, you can create custom firewalls and install other security measures that most hosts will not allow on shared accounts. Basically, a VPS allows you to take a more active role in your websites security, he said. Another programmer, however, said the sites do not need costly VPS hosting to beef up security. Just by downloading the newest versions and updates of Windows, WordPress, and antivirus platform, the applications or website can become hard to crack. The programmer also said that instead of open access scripting language like PHP, designers should go for suPHP. With suPHP, access is limited to the user or to those explicitly granted permission, he explained. Mahbub Jaman, former president of the Bangladesh Association of Software and Information Services (BASIS), said each government entity has dedicated personnel to maintain and update their respective websites. Unfortunately, one can find that the sites are neither updated at the front end (user view), nor in the backend (administration). By maintaining simple practices such as updating any of the server security patches, changing the password at the admin panel on a regular basis, and hiding the panel, could make the sites more strong, he opined.