Recap : Indian Embassy in Bahrain had a domain name indianembassy-bah.com and they seem to have had a fallout with the website development company so they moved to a new one and took up a new domain name indianembassybahrain.com
You must note that they did not take their domain name - maybe they thought that it is provided by the "admin" of the site !
My earlier blog post is here...
Now they are proud of their new website - indianembassybahrain.com and they still do not know that their domain name does not belong to them.
A whois query shows neither the Embassy nor the Ambassador or any officer of the Government of India named as Registrant, Administrative Contact or Technical Contact. The domain is owned and controlled by the same company that has developed the website for the Embassy, albeit in a different name !
The Website is developed by a company named Elite International and the Domain Registrant is a person using his yahoo email address.
So where does this leave the Indian Embassy in Bahrain with respect to their so called 'gateway' ? Simply put - it does not belong to them and another domain is waiting to host XXX sites the day they fall out with their service provider.
My observations are based on the statements usually carried in the news article that I quote and when I read the original media report I am sadly shocked to see the Embassy officials saying that they are trying to contact their website admin to get the old domain name back.
These guys have (obviously) not learnt their lesson and continue to play with the reputation of the country. A domain name for the Embassy is as sacrosanct as the embassy premises and this internet address is MORE permanent than the physical location. A physical location will be visited only when the person is in the country but the internet location can be visited from anywhere in the world and there is no "chaprasi" at the gate to ask silly security questions or to make sillier frisking gestures.
Then the embassy officials have email addresses which are on batelco.com.bh. They might as well have gmail or yahoo or hotmail addresses. Sensitive positions in the mission (for example the consular officer can get emails relating to visa applications) must have email addresses which are allocated on Government of India servers. In simple words the email address must be @mea.gov.in or @nic.in
As I make this statement against the use of non-official domain based email addresses, I do so without the knowledge of the security on these servers. However, basing my assumption on the savvy shown in their interactions in the domain name issue, I expect the passwords to be simple to crack or they may be shared too.
The Whois result for the domain name indianembassybahrain.com is here.
It is time for the MEA to really set some policies. Over the years one has seen a number of security breaches happening and these minor issues add to the recipe for disaster. Lax policies in respect of communication channels are bad. One does not expect the staff members at the Embassy to be tech savvy but the IT administrator or the security guys must know the risks.
Sometime back the Government had issued a directive to all departments to stop using public email addresses for official work and public email addresses musty include emails provided by ISPs.
It is common knowledge that ISPs have to monitor traffic and most governments mandate this. Here we have a diplomatic mission in a foreign country using local ISP provided email addresses for communication sensitive or not, damn the thought.
Before I close, I must share another thought - why should anyone be excused for not being tech savvy ? In this day and age every one is using or has to use computers and other devices. So he / she must know about technology risks and security. In the same vein one cannot excuse someone for walking in the middle of the road just because that person does not know what traffic looks like and that a vehicle can knock him/her down.
Labels: bahrain, domain name ownership, indian embassy, indian embassy bahrain