Indian Kanoon - Search engine for Indian Law

12. He next urged that the petitioner has an unblemished record and the entire examination was conducted by the petitioner in a fair manner and only at two centres there was paper leakage of J.E examination where computer hacking took place and the petitioner has no role to play in the papers leakage at the said two centres.

13. On the other hand, Sri Amit Saxena, learned Senior Advocate assisted by Sri Abhishek Srivastava, learned counsel for the respondent-U.P. Power Corporation has vehemently opposed the arguments of learned counsel for the petitioner and has invited the attention of the Court towards the terms and conditions of the agreement dated 9.10.2017 specially Clause 2 and 7 regarding the venue selection and seat arrangements, and Clause-IX for examination. A perusal of which shows that as per Clause-2 of the contract containing the 'scope of work' which includes the inviting and processing of applications, venue selection and seat arrangements, maintaining attendance sheets, designing and developing question papers and numerous other pre-examination stage, examination stage and post examination stage activities. As per Clause-7 of the contract, the petitioner was required to carry out all the works covered under the 'scope of work' with 100% accuracy and as per Clause-2, petitioner was required thus Ensure complete secrecy of examination process. Aptech shall deploy a highly secure system and conduct of security tests to verify that there are no vulnerabilities for exam conduct process." Thus, the petitioner's failure to change the IP address of the computer, sanitizing the computer device and isolation of network ports apart from other things to be done by petitioner proves that the petitioner created an opportunity to software hackers to install remote access software AMMY ADMIN and to leak the question paper to solve it from outside examination centre. The petitioner's fault while on the one hand caused a great loss and hardship to the Corporation as the examination had to be cancelled; on the other hand a fresh agency, namely, EDCIL (among the "MINIRATNA" PSU of the Central Goverment) had to be given contract for safeguarding the future of the candidates and to maintain a clean image of the Commission in holding competitive examination. He submits that the petitioner has failed to give proper explanation to the charges levelled against him in the show cause notice and his reply is self contradictory in nature which shows his failure in performing his duties as per the contract and resulted in a serious incidence of hacking and cancellation of examination.

14. He further submits that from a perusal of the F.I.R., it is evident that it contained the averment in regard to Aptech Limited being the examination conducting agency its failure to ensure that the computer systems which were installed at the examination centres, namely, J.K. Public School, Lucknow and Mahabir Prasad Degree College did not contain any virus/hacking software. Thus, from the F.I.R. it is clear that the Aptech Limited had not only failed to ensure that the computer systems were properly sanitized and free from hacking etc. but also facilitated the accused persons to install AMMY ADMIN software which gave access to such systems to the hackers to hack the examination papers and to benefit certain of the candidates illegally. The report of the S.T.F. U.P. police spells out the technical shortcoming/anomalies at the end of the petitioner.

23. As we have already noticed that as per the contract the scope of work, venue selection and seat arrangements were all detailed out specifically in the terms of agreement and this was all aimed not only at providing absolute transparency in matters of selection in public employment but also to maintain absolute secrecy to make the competition healthier and unquestionable. However, the findings that have come to be arrived in the enquiry report submitted by the S.T.F. in which it has been categorically recorded that the centres/colleges where the computer lab was to be utilized were virtually insecured as AMMY software had already been installed before the examination and the ID and password were used through Whats App messages to arrange answer to the question in advance and this was found to be identical mistake that resulted in absolute hacking of the server and this all happened only because the systems were not sanitized before uploading the question papers through the desired software and resulted in easy access to the mobile because of hacking of the password and the IDs. This above finding has resulted in the charges that show cause notice contained. In reply thereto, an expert opinion of Professor Manish Salvi was relied upon to justify innocence of the petitioner. It has been argued before this Court that the Expert opinion was to the effect that MAC address can be hacked and cloned as well. Much emphasis has been laid upon the reply of the Expert regarding question no. 2. For better appreciation question no. 2 and answer submitted by the Expert in his opinion dated 26th September, 2018 are reproduced hereunder:-

"Que. 2 Can the MAC address be hacked or cloned? If Yes or No, Pl. Elaborate.

Ans. Yes, MAC address can be hacked accordingly Cloned....

If the hacker wants to confuse the switch and other users, Hackers can present a duplicate MAC on he same LAN. This cause a service "irregularity" for whomever they are duplicating. It not the standard behavior for a duplicate MAC, but it is not really possible (nor necessary) to 'snoop' that way. If the hacker wanted to snoop, since ETHERNET is a broadcast medium, they just need to be connected and listening.