Some Indian government websites have allowed scammers to plant advertisements capable of redirecting visitors to online betting platforms.
TechCrunch discovered around four dozen “gov.in” website links associated with Indian states, including Bihar, Goa, Karnataka, Kerala, Mizoram and Telangana that were redirecting to online betting platforms. Some of those websites belong to state police and property tax departments in the respective states. The scammy links were indexed by search engines, including Google, making the ads easy to find online.
The redirecting websites, touted as “Asia’s most popular” online betting platform and “the number one online cricket betting app in India,” claim to allow betting on games, including cricket tournaments such as the Indian Premier League.
It’s not clear how the scammers planted the ads on Indian government pages or for how long the links were redirecting to the online betting platforms.
After spotting the issue earlier this week, TechCrunch alerted India’s Computer Emergency Response Team, known as CERT-In, to the lapse and provided a few affected state government website links for reference.
Shortly after, the Indian cyber agency acknowledged the receipt of the email, and on Thursday CERT-In confirmed it escalated the matter.
“We have taken up with the concerned authority for appropriate action,” the agency said in an email response. It is not clear if the flaw allowing the backdoor access to state government websites has been fixed.
Last June, TechCrunch reported that scammers had published ads for hacking services on U.S. government websites by way of a security flaw in the government’s web content management system software. Some of those ads appeared to be available online for years.