Indian Government Websites Redirecting to Scam Sites

Continued Presence of Scam Links on Indian Government Websites
Despite previous reports, several Indian government websites are still vulnerable to the insertion of malicious links. These links redirect users to fraudulent sites, a problem initially highlighted months ago by TechCrunch.
Discovery of Malicious Redirects
An investigation by TechCrunch revealed over 90 links on “.gov.in” domains – belonging to entities like the Indian Council of Agricultural Research and India Post – are now directing traffic to websites associated with online betting and investment scams.
This poses a significant risk, as major search engines, including Google, have indexed these compromised links. Consequently, unsuspecting internet users are more likely to encounter them during routine searches.
Initial Reports and Response
In May, TechCrunch initially reported approximately four dozen Indian government website links redirecting to online betting platforms.
The Computer Emergency Response Team (CERT-In), India’s cyber security agency, acknowledged the issue and initiated an investigation. However, the fundamental vulnerability enabling these malicious redirects remained unresolved.
Resurgence of the Problem
Recent posts on the social media platform X, including one from Deedy Das of Menlo Ventures, indicate the issue has re-emerged. This suggests the compromised pages are widespread across various government domains.
Potential Causes of the Vulnerability
Security researcher Bob Diachenko suggests the problem’s recurrence may stem from a compromise within the websites’ content management system (CMS) or incorrect server configurations.
Diachenko explained that simply removing the visible signs of the scam doesn’t address the underlying issue. “If only the symptoms are removed without addressing the root cause, attackers can reintroduce the issue,” he stated. Addressing the problem requires downtime and dedicated effort.
Recent Communication and Initial Remediation
TechCrunch recently contacted CERT-In, providing examples of affected links. While the agency did not immediately respond to the inquiry, many of the reported links began displaying “page not found” errors around the time of publication.
This initial response suggests some remediation efforts are underway, but the long-term effectiveness remains to be seen.
- Key Issue: Continued presence of scam links on official Indian government websites.
- Affected Entities: Indian Council of Agricultural Research, India Post, and various state governments.
- Risk: Increased exposure of internet users to online betting and investment scams.
- Root Cause: Potential vulnerabilities in CMS or server configurations.
Related Posts

NHS England Data Breach Confirmed by Tech Provider

Cisco Zero-Day Exploit: Chinese Hackers Targeting Customers

Pornhub Hacked: User Data Extorted by Hacking Group

Google and Apple Release Emergency Security Updates

700credit Data Breach: 5.6 Million Affected
