A 20-year old Indian student from Cornell University, USA, accessed the ICSE and ISC results declared last month, exposing to the world how unsafe our key information portals are
How safe are our web servers that host key information pertaining to results related to various entrance examinations in the State? More so, the servers of engineering and medical entrance tests which are construed as real test of a student’s merit and ranking. Some mischief by any hacker can play havoc with the lives of students.
These questions arise in the wake of a 20-year old Indian student from Cornell University, USA, ‘accessing’ ICSE and ISC results declared last month and exposing to the world how unsafe our key information portals are. In the process, he also exposed how marks were tampered to improve the performance of thousands of students and how the education boards fail to take measures to keep the sensitive information safe.
India-born Debarghya Das pursuing Computer Science at Cornell University did not rack his brains to break into the system but wrote a simple software programme and also analysed the results thus exposing the ‘grace’ marks added to all the students who scored 32, 33 and 34 to ensure that they touched the magic figure of 35 marks.
Will someone be able to access or hack the servers, which host marks and ranks of students taking various public and entrance exams in Andhra Pradesh?
Officials at the Jawaharlal Nehru Technological University (JNTU) rule out the possibility of hackers breaking into their servers that store key information pertaining to marks of entrance examinations or varsity examinations.
JNTU Hyderabad handles the Eamcet exam, which is taken by more than three lakh students in the State. “We never expose our database servers to outsiders. We copy the information on CDs or DVDs and host the same on various portals. Even if hackers play mischief with some web portals the original data is safe,” says V. Kamakshi Prasad, Professor of Computer Science at JNTU Hyderabad.
The database servers are placed in isolated environment and no web applications are loaded onto them. The network is designed in such a way that they cannot be connected to any computer outside. However, Prof. Prasad agrees that no system can be foolproof but constant monitoring of attempts to break into the servers and updating the firewalls on regular basis are good practices to be adopted. “In that sense we are very careful in adopting preventive measures and that is why till now our servers were never hacked,” he says.
The issue is not confined to just entrance exams but also results of SSC, Intermediate and degree courses of various universities that are hosted on the web. More than 12 lakh students appear for SSC and almost similar number for the two-year Intermediate course.
All top universities like Osmania, Andhra or JNTUs in Anantapur and Kakinada too adopt the same procedure and their numbers too run into lakhs. Given the magnitude of numbers involved it is all the more scary as hackers can play mischief altering marks on a large scale.
Officials of SSC and Intermediate agree that they lack the expertise to keep the information safe and secure and that is why the services of National Informatics Centre (NIC) are utilised as they have the expertise. Even some State universities prefer the services of NIC despite having their own computer science departments. “So far private parties have not been involved in the process thus reducing the scope for outside intervention,” an official explained.
Agreeing that moderation and grace marks was a common practice in the country, JNTU officials say that generally ‘raw’ marks are never copied onto the data base as it is confidential information. Only the final marks are stored in the database and they are copied and placed in the result portals of the university or private parties.