CBI probes hack into TCS iON assessment software platform

Debangana Ghosh Mumbai | Updated on September 07, 2021

TCS iON is the country’s largest digital assessment software provider   -  The Hindu

Investigative agency books 3 directors of a Noida-based entity

The Central Bureau of Investigation (CBI) is probing into the possibility of a hack into Tata Consultancy Services’ iON platform in relation to the JEE Mains exams breach that happened recently.

The alleged manipulation came to light when the CBI booked three directors of a Noida-based entity on Friday.

TCS iON is the country’s largest digital assessment software provider. The National Testing Agency (NTA) had appointed the company to conduct national level exams, including NEET and JEE Mains, securely and fairly. TCS iON also manages the logistics requirements for the tests, including managing test labs and appointing venue heads.

According to sources, CBI is probing multiple TCS iON’s labs at different locations where tests were conducted, including a university in Sonipat.

TCS noticed the irregularity in its testing systems on September 1; the JEE Mains Exam took place between August 26 and September 2, another source said.

TCS declined to comment on the queries sent by BusinessLine.

So far, the investigative agency has arrested seven people in relation to the case, which include three directors from Affinity Education, a private coaching centre.

Modus operandi

According to the first source, TCS iON’s systems don’t allow external applications or tools to be introduced to its computers and blocks internet access as well. But in this case, through causes under investigation, the test computers may have had some external application pre-installed which was used to connect to the internet remotely and gain access to the computer during the tests.

“This is often done by coaching centres in remote areas. They connive with the venue heads and help students share the screens of their tests remotely and, someone else, most likely from the coaching centre would complete the test on the student’s behalf. The students pay an advance of around ₹2-3 lakh per system getting hacked. These systems are installed with these remote access tools before the exams happen,” the source said.

Possible way out

Ethical hacker Sunny Nehra told BusinessLine : “These tools are externally installed and connected with a Windows system through which remote access is given. Though iLEON operating systems are very strong and hard to crack, the company would have to identify the loopholes in the back-end and rework the architecture of the software.”

Karmesh Gupta, co-founder and CEO, WiJungle, suggested that candidates appearing for the exams should only be able to access the URL-based links connected to the test, which can be integrated in a way that once the URL link is clicked, the other applications on the computer remains blocked.

“This can be done by putting a network firewall at the centre, through which the external network traffic would flow. If not a firewall, an end point security across all systems should be deployed through which an admin can control and deny access to any other application. I think both of these were lagging in the case of JEE Mains Exams. Though I would like to believe TCS iON would be careful on these aspects, there surely has been involvement of the venue heads,” he told BusinessLine.

Published on September 06, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.

You May Also Like