The Personal Identifiable Information (PII) of approximately 81.5 crore Indian citizens, including their Aadhaar cards have been allegedly put on sale on the dark web, News18 reported on 30th October (Monday). According to the report, citing sources and findings of an American cyber security and intelligence agency Resecurity, this is suspected to be the biggest data leak case in the country so far.
In early October, Resecurity’s HUNTER (HUMINT) unit identified millions (allegedly 81.5 crore) of PII records, including Aadhaar cards, belonging to Indian residents being offered for sale on the Dark Web, as claimed by the American cybersecurity sleuth.
According to the News18 report, the allegations are grave in nature that sensitive data of 81.5 crore Indians which allegedly originated from the Indian Council of Medical Research (ICMR) database are on sale. Based on the seriousness of the allegations, the News18 report asserted that the Central Bureau of Investigation (CBI) could likely probe the matter once ICMR files a complaint.
CERT-In is investigating the alleged data leak, says Minister Rajeev Chandrasekhar
Following the reports of the data leak, Minister of State for Electronics and IT Rajeev Chandrasekhar told NDTV that the government’s Computer Emergency Response Team, or CERT, is investigating the alleged data leak.
He, however, didn’t confirm or comment on the size of the alleged leak. But he asserted that the government is working to ensure private data including that collected by the centre or state for administrative purposes, or by businesses for commercial reasons – is maintained in a “bulletproof” ecosystem”.
On Tuesday evening (31st October), Minister Chandrasekhar said, “Not something I am very happy about, (but) CERT (In) is investigating, as its mandate. (I am) still not privy to exact details… only understand it is an alleged leak or breach. I have no idea about the size of the (alleged) leak… don’t want to speculate.”
Stressing that we should not speculate till CERT-In submits its report, he added, “CERT(In) is investigating… to understand what was leaked, where it has been leaked, and what caused it… whether it was a hack or an operating system vulnerability. Will wait till they give a report.”
The Minister emphasised that the government is still working on moving large amounts of data, including legacy data collected over the past decades, to safe storage.
He further added, “I think we have to recognise the government ecosystem will take a little longer to transition to a bullet proof set-up… one which manages data and keeps it in a safe and responsible manner.”
American cyber security and Intelligence research group Resecurity unearthed the alleged data being put on sell on the dark web
Earlier, the Resecuirty findings claimed to reveal that on 9th October, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums on the dark web. In the post, the ‘threat actor’ put on sale access to 815 million “Indian Citizen Aadhaar and Passport” records along with other PII details like names, phone numbers, and addresses.
The ‘threat actor’ also claimed that the data extracted from the COVID-19 test details of citizens was sourced from ICMR.
Citing sources, News18 reported that ICMR has been facing multiple cyber-attack attempts since February and central agencies as well as the council were aware of it. Last year, the ICMR servers faced over 6,000 attempts of cyber hacking prompting various agencies to ask ICMR to take remedial action to avert any data leak.
As per the News18 report, CERT-In has informed ICMR about the breach. It has also verified sample data, which is on sale, that it matches with the actual data of ICMR following which all security agencies and top officials of different agencies and ministries have been roped in.
According to News18 sources, foreign actors are involved in the leak which is why it is important to get it probed by a premier agency. Meanwhile, remedial measures have been put in place and the required standard operating procedures (SoPs) have been deployed to control the damage.
However, News18 reported that the epicentre of leakage has not been identified as parts of the Covid-19 test data go to the National Informatics Centre (NIC), ICMR, and Ministry of Health, citing sources.
American cyber security agency added that HUNTER investigators established contact with the threat actor. During their interaction, they learned that the threat actors were willing to sell the entire Aadhaar and Indian passport dataset for $80,000.
The ‘threat actor’ Pwn0001 shared spreadsheets that contain four large leak samples with fragments of Aadhaar data as proof. Resecurity said, “One of the leaked samples contains 100,000 records of PII related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a “Verify Aadhaar” feature. This feature allows people to validate the authenticity of Aadhaar credentials.”
Similarly, on 30th August, another online user by the pseudo name ‘Lucius’ claimed that they had a big leak of data. Dubbed as “India internal law enforcement organisation,” the storage of the leak was reportedly about 1.8 terabytes.
According to the report, the alleged second leak had even more sensitive database than threat actor pwn0001’s leak. It had Aadhaar IDs, Voter IDs, and driving license records.
The HUNTER team claimed that they found some records with the word “PREPAID”, indicating that it could even mean the leak came from a company that offers pre-paid SIM cards. It added that these companies collect personal information to check their customers before they start their mobile services.
However, this alleged attack or data breach is not the first time that hackers have targeted India’s health system. Last year, AIIMS faced a cyber-attack triggering changes in various systems. Earlier, OpIndia had reported that AIIMS servers were targeted by Chinese hackers as agencies had found an IP address originating from there.
It began on 23rd November when the servers went down and it affected the outpatient department (OPD) and sample collection services. A few days later, AIIMS had to finally restart its OPD through online booking.
