IRCTC website hacked?

Cybersecurity issues
The Indian Railway Catering and Tourism Corporation (IRCTC) on Thursday denied reports that its website had been hacked.

IRCTC is one of the largest e-commerce firms in the country, with three crore active registered users. On average, the website issues 5.5-6 lakh tickets per day.

“IRCTC website was not hacked and is functioning properly,” Sandip Dutta, IRCTC public relations officer, told IANS. “Passengers are able to book tickets through the website.”

The denial by the IRCTC came following some reports in the media that a large volume of data had been stolen from the state-owned firm’s website.

According to sources, the matter came to light when the Cyber Cell of the Mumbai police informed IRCTC that a large volume of data from its website was stolen.

“We asked the Cyber Cell to provide us with the data that they claim belongs to our website. Once we have the data, proper verification would be conducted,” Dutta said.

IRCTC has also formed a six-member high-level committee to look into the matter.

The IRCTC website contains vital information pertaining to passengers who book train tickets and avail other services through it.

IT industry reacts

Sudeep Das, SE manager – India and SAARC, RSA

New and increasingly sophisticated ways to perpetrate fraud are constantly being developed and deployed. This makes it extremely difficult to keep pace with the individual fraud attempts targeting an organization’s website. The hackers use business logic abuse mechanisms to hide within legitimate traffic but in a manner unintended by the site owner. Such sophisticated attacks often go unnoticed by either Web Application Firewalls or Log Analysis tools. It seems the same has happened in the case of the IRCTC hack.

The traditional Web Application Firewall technologies need to be augmented with Behavioral Intelligence to hunt these attacks in real time and respond to them quickly. The need of the hour is to detect quickly and respond even quicker before there is major damage to business.

Vivek Chudgar, senior director for Mandiant for Asia Pacific

When a massive data breach like this is alleged, the first thing organizations must do is carry out a proper forensic investigation to validate the claim. Once a breach is confirmed, it’s important to quickly investigate exactly what was stolen, the impact to the business and its customers, how the attacker gained access, and if the incident is contained. The skills required for this are beyond what most organizations have in-house.

When Mandiant undertakes investigations like this, we use advanced forensic techniques to reconstruct every step the attackers took. While oftentimes the first inclination is to blame insiders, Mandiant, a FireEye Company, often finds that outside attackers are solely responsible.