Some Indian government websites have allowed fraudsters to plant ads capable of redirecting visitors to online betting platforms.
TechCrunch discovered about four dozen “gov.in” website links related to Indian states including Bihar, Goa, Karnataka, Kerala, Mizoram and Telangana that redirected to online betting platforms. Some of these websites are owned by state police and property tax agencies in their respective states. The fraudulent links were indexed by search engines, including Google, making it easy to find the ads online.
The redirect sites, touted as “Asia’s most popular” online betting platform and “India’s number one online cricket betting app”, claim to allow betting on games including cricket tournaments like the Indian Premier League.
It is not clear how the fraudsters placed the ads on Indian government pages or for how long the links were redirecting to the online betting platforms.
After spotting the issue earlier this week, TechCrunch notified India’s Computer Emergency Response Team, known as CERT-In, about the cancellation and provided some affected state government website links for reference.
Shortly thereafter, India’s cyber agency acknowledged receipt of the email, and on Thursday CERT-In confirmed it had escalated the matter.
“We have discussed with the appropriate authority the appropriate actions,” the agency said in an emailed response. It is unclear whether the flaw that allowed backdoor access to state government websites has been fixed.
Last June, TechCrunch reported that scammers had posted ads for hacking services on US government websites as a security flaw in the government’s Web Content Management System software. Some of these ads appeared to be available online for years.
