Some Indian government websites continue to allow the planting of scammy links on their official domains — months after TC reported the issue last year.
TC found more than 90 “gov.in” website links associated with Indian government departments, including the Indian Council of Agricultural Research and India Post, as well as state governments and councils of Haryana and Maharashtra and others, were redirecting to sites linked to online betting and investment scams. Search engines like Google have indexed the scam links hosted on government sites, increasing the risk of regular internet users finding them.
In May, TC reported that around four dozen Indian government website links were redirecting to online betting platforms. India’s cyber agency, the Computer Emergency Response Team, known as CERT-In, escalated the matter at the time. However, it remained unclear whether the government had fixed the underlying flaw that the scammers were exploiting to plant their links.
Deedy Das of Menlo Ventures, among others, posted on social media platform X this week about the issue resurfacing, indicating that the hacked pages are widespread.
Security researcher Bob Diachenko told TC that the issue may have resurfaced due to a compromise in the websites’ content management system (CMS) or server configurations.
“If only the symptoms (e.g., malicious content) are removed without addressing the root cause (e.g., vulnerability or backdoor), attackers can reintroduce the issue,” Diachenko said, adding, “It is not a very challenging exercise but requires some downtime and efforts.”
Earlier this week, TC contacted CERT-In with a few affected links. The agency did not respond to the email, though the links started showing a “page not found” error at around the time of publication.