Comments
The Central Bureau of Investigation (CBI) is probing into the possibility of a hack into Tata Consultancy Services’ iON platform in relation to the JEE Mains exams breach that happened recently.
The alleged manipulation came to light when the CBI booked three directors of a Noida-based entity on Friday.
TCS iON is the country’s largest digital assessment software provider. The National Testing Agency (NTA) had appointed the company to conduct national level exams, including NEET and JEE Mains, securely and fairly. TCS iON also manages the logistics requirements for the tests, including managing test labs and appointing venue heads.
According to sources, CBI is probing multiple TCS iON’s labs at different locations where tests were conducted, including a university in Sonipat.
TCS noticed the irregularity in its testing systems on September 1; the JEE Mains Exam took place between August 26 and September 2, another source said.
TCS declined to comment on the queries sent by BusinessLine.
So far, the investigative agency has arrested seven people in relation to the case, which include three directors from Affinity Education, a private coaching centre.
Modus operandi
According to the first source, TCS iON’s systems don’t allow external applications or tools to be introduced to its computers and blocks internet access as well. But in this case, through causes under investigation, the test computers may have had some external application pre-installed which was used to connect to the internet remotely and gain access to the computer during the tests.
“This is often done by coaching centres in remote areas. They connive with the venue heads and help students share the screens of their tests remotely and, someone else, most likely from the coaching centre would complete the test on the student’s behalf. The students pay an advance of around ₹2-3 lakh per system getting hacked. These systems are installed with these remote access tools before the exams happen,” the source said.
Possible way out
Ethical hacker Sunny Nehra told BusinessLine : “These tools are externally installed and connected with a Windows system through which remote access is given. Though iLEON operating systems are very strong and hard to crack, the company would have to identify the loopholes in the back-end and rework the architecture of the software.”
Karmesh Gupta, co-founder and CEO, WiJungle, suggested that candidates appearing for the exams should only be able to access the URL-based links connected to the test, which can be integrated in a way that once the URL link is clicked, the other applications on the computer remains blocked.
“This can be done by putting a network firewall at the centre, through which the external network traffic would flow. If not a firewall, an end point security across all systems should be deployed through which an admin can control and deny access to any other application. I think both of these were lagging in the case of JEE Mains Exams. Though I would like to believe TCS iON would be careful on these aspects, there surely has been involvement of the venue heads,” he told BusinessLine.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.