Over a week after it was allegedly hacked on March 5, the website of the world’s largest political party, the Bharatiya Janata Party, was still down today with “maintenance mode” on display.

On Tuesday the mystery over the website’s disappearance deepened when India’s information technology minister and BJP leader Ravi Shankar Prasad finally admitted that the site was hacked for a “few minutes”. He didn’t indicate when the site is expected to be back. Interestingly, on March 7, BJP’s IT cell head Amit Malviya had claimed that the website was down due to “technical glitch”, not because it was hacked, even as screenshots of the non-functional portal were full of abusive messages and memes of Prime Minister Modi along with German Chancellor Angela Merkel.

Cyber-security expert Nandkishore Harikumar, who is also CEO of Technisanct, told Newslaundry, “It’s surprising that the website of such a tech-savvy party is harmed so badly that everything from static and dynamic content is wiped out and experts are unable to restore the normal functions of the site even after 10 days.”

It is unclear if email passwords of party members, donor details, candidate surveys, and caste analyses—which are crucial for parliamentary elections—have also been wiped out from the BJP site.

The Chhattisgarh BJP website was also hacked on February 21 and it is still under “maintenance”. The party blames “Pakistani hackers” in its First Information Report.

The BJP is not the only political outfit targeted by the hackers. The Gujarat Congress had also faced a cyber attack on February 21. It was restored within hours.

Between 2012 and 2018, the websites of the Trinamool Congress, CPI-M, Samajwadi Party and Telugu Desam Party had faced similar attacks from hackers. It remains unclear how much data loss these parties incurred due to electronic snooping. Sanjay Goel, founder of cyber security firm Bulwark Cyberx, told Newslaundry, “Threats of home-grown and foreign hackers increase manifold as general elections are near. Since most political parties, politicians and even officials working in the government are ignorant about cyber security, India’s electoral process might be sitting on a time bomb.”

Last month, Austrian political parties alongside the federal parliament faced a data breach. The country is expected to hold elections in mid-May and intelligence agencies are investigating whether a foreign government could be behind the attack to “influence the outcome of the vote or change the tenor of the debate”. It should be remembered that the United States data breach during the 2016 presidential elections rocked the world as Russian intel officials were allegedly involved in using spear phishing emails and malicious software to access the email accounts of Hillary Clinton’s staff and also steal voter data.

The threat and vulnerability of portals and email accounts are phenomenal. In January, an Australian researcher stumbled upon the details of over 2 billion emails and passwords floating on the web in plain text which created global panic. Goel says, “Cyber-crimes and snooping continue to increase and threaten businesses around the world. But the ease and scale with which cyber warriors can compromise political processes is a cause of concern especially because hackers remain untraceable in most cases.”

A cyber-crime is a high degree of breach where data or money is stolen, unlike a regular hack where a person breaks into a security system without necessarily causing damage or stealing information or money. In 2015, hackers stole $1 billion million from a hundred banks across 30 countries. Experts say cyber espionage is often sponsored by rivals, corporates or governments and aims to steal secret data, intellectual property or just to create road blocks using viruses, malware and sophisticated spyware.

Maintenance takes a few hours not weeks, say experts

Can a website remain in “maintenance mode” for so long? According to experts—no.

Harikumar says, “Normally, website maintenance takes an hour or two and the portal is up the same day following a crash or hack—provided backups are available. Restoration of database may take a few days but it is done at the server end during which website can function almost normally.”

Goel adds, “Maintenance is hardly an hour’s job. It seems the BJP is redesigning the whole website. Perhaps the entire backup is also gone. Due to ego issues, they may not disclose it.”

How technology-dependent are our political parties?

With 800 million voters and nearly 2,000 political parties taking part, India’s elections are a staggeringly complex exercise wherein reaching out to each and every voter becomes a great challenge. Today’s technology goes beyond connecting with the electorate. The thriving new field of Big Data helps campaign managers gather information about each individual voter—their likes, interests and political opinions—by combing through users’ Facebook, Twitter and Instagram accounts, and other social media and Internet activity.

But according to experts, most political outfits don’t care much about the security of their data mainly due to ignorance. The cost of firewall—a network device which works as a barrier between a trusted and an untrusted network—is another factor. Harikumar explains: “A firewall costs at least ₹1 lakh for a small office with up to 10 computers. The cost goes up if there are more systems. Many medium and small organisations are not able to spend that much money.”

Government and citizen data are the prime targets

Between January and June 2018, India witnessed 6.9 lakh cyber-attacks, two-thirds of which had come from Russia, US and China. Last year, Union Home Secretary Rajiv Gauba warned that India is vulnerable to cyber snooping. He said: “There is a phenomenal increase in cyber espionage by corporates, governments, hostile governments to steal state secrets, corporate information, intellectual property or military superiority. Cyber attackers are becoming more organised. Many have significant funding.” He said cyber-crime will cost the world $6 trillion a year by 2021.

A cyber expert associated with Maharashtra government says, “Three years ago, cyber security labs would detect new malware—like viruses and adware—every minute. Today, they find three new bugs every second. Government websites and official data are the prime targets of most hackers.” The websites of at least 10 Indian ministries including those of defence, home affairs, labour and law went down for around six hours last July.

According to ethical hackers, financial services and telecom companies are also at risk because they have the largest and most valuable databases of customer information. Similarly, Aadhaar details were allegedly breached last year as well. Even Supreme Court orders have been compromised. A cyber expert says: “This is the evolution of Espionage 2.0 with the entire electoral process at risk. Election machinery could be attacked. Data could be stolen.”

Though no data hacking event has been reported by the Election Commission of India so far, even as its electronic voting machines often court controversy. The same goes for voter lists. An EC official says, “Any website can be hacked by professional hackers or snoopers. However, all our voter data and election data are collected, processed, approved and stored offline as well. It is put up on website only for public ease. Hence, there is no risk of system coming to standstill or data compromise.”