So in the process of communicating with the Indian Government to resolve the issues responsibly, they announce on Twitter "We Breached The Indian Government!!!".
no/less bounties from gov? researcher wants to show off? 10 year old kid who recently wrote some script and has a lot of over confidence? Who knows.
But its a fault of Indian Government too. They hire programmers who are less competent to save budget for salary. And if someone reports some vulnerebility I bet these government police will come after the reporter. And there is no incentives too.
The same thing happens I believe in almost all developing countries, they don't take security that seriously, all contracts related with technology are awarded to the company, that charge the smallest amount of money and has ties with the public officers at the time, when a researcher detects a bug in their software depending on the entity they either sue the researcher or ignore him, until they are exposed by the public media.
Couple months ago the data of all Venezuelan immigrants got breached the government did nothing until the public media started to talk about it.
I think the article covers that exact question (excerpt below)
Sakura Samurai coordinated with the U.S. DoD Vulnerability Disclosure Program (VDP) to assist in facilitating initial conversations of disclosure. John Jackson spoke with DC3’s Program Manager via email and coordinated on a plan of action
&
Roughly 4 days later, after further communication with the DC3, we felt safe to begin our initial reveal of research on the NCIIPC’s RVDP program.
But its a fault of Indian Government too. They hire programmers who are less competent to save budget for salary. And if someone reports some vulnerebility I bet these government police will come after the reporter. And there is no incentives too.