Posted on 11/12/2023 6:58:18 AM PST by texas booster
In what is suspected to be the biggest data leak case in the country so far, details of 81.5 crore Indians with the Indian Council of Medical Research (ICMR) are on sale.
Given the grave nature of the incident, India’s premier agency Central Bureau of Investigation (CBI) is likely to probe the matter once ICMR files a complaint.
A ‘threat actor’ with a handle on X, formerly Twitter, has advertised the database in the breached forum on dark web which involves records of 815 million Indian citizens — Aadhaar and passport information along with names, phone numbers and addresses. The ‘threat actor’ claimed the data — extracted from the Covid-19 test details of citizens — was sourced from ICMR.
ICMR has been facing multiple cyber-attack attempts since February and central agencies as well as the council were aware of it. Over 6,000 attempts were made last year to hack ICMR servers. The agencies had also asked ICMR to take remedial action to avert any data leak, sources said.
A query, calls and messages sent to ICMR DG on Saturday remained unanswered and his response is awaited.
It has been learnt that CERT-In has informed ICMR about the breach and the verification of sample data, which is on sale, matches with the actual data of ICMR after which all agencies were ropes in.
Considering the sensitivity of the matter, all the top officials of different agencies and ministries have been roped in. Sources said as foreign actors are involved in the leak, it would be important to get it probed by a premier agency. At present, remedial measures have been taken and the required SoP has been deployed to control the damage.
Sources confirmed to News18 that the epicentre of leakage has not been identified as parts of the Covid-19 test data go to the National Informatics Centre (NIC), ICMR and Ministry of Health.
According to American cyber security and intelligence agency Resecurity, which initially noticed the leak, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums on October 9, brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. To put this victim group in perspective, India’s entire population is just over 1.486 billion people.
Pwn0001 shared spreadsheets containing four large leak samples with fragments of Aadhaar data as proof. “One of the leaked samples contains 100,000 records of PII related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a “Verify Aadhaar” feature. This feature allows people to validate the authenticity of Aadhaar credentials,” Resecurity said.
This is not the first time that India’s health system has been targeted by hackers.
Last year, AIIMS faced a cyber-attack that triggered changes in various systems. News18 had reported earlier that the attack had links to “one of India’s neighbouring countries” as agencies had found an IP address originating from there.
Trouble began on November 23 when the servers went down, affecting the outpatient department (OPD) and sample collection services. After a few days, AIIMS had to finally restart its OPD through online booking.
Coming to a country near you.
That is what happens when you give cutting edge technology to a country as chaotic and undisciplined as India.
I’m just really glad our country isn’t chaotic or undisciplined and that things like this would never happen here...
/S
Resecurity Appoints Maj Gen Richard Lake USMC (Ret) as a Senior Advisor
Who is Richard Lake? Very connected and well traveled ...
From 2018 to 2022, Mr. Lake was the Vice President of Security Services (Chief Security Officer) at Booz Allen Hamilton. Since 2017, he also has been a Distinguished Senior Fellow with the Global Resilience Institute at Northeastern University. Before that, from September 2013 to November 2017, Mr. Lake served as the Director of Global Security (Chief Security Officer) for the Bill & Melinda Gates Foundation. He provided physical, personnel, and information security and executive protection there. Dick Lake also led the foundation's incident and business continuity management programs, supporting over 2,000 employees and staff traveling globally and working from two U.S.-based and seven international offices.
Before joining the Foundation in 2013, Dick served in the U.S. Marine Corps for over 36 years as an intelligence, foreign area, and infantry officer. As a General Officer, he led one of the U.S. Intelligence Community's elements as the Director of Intelligence for the U.S. Marine Corps for four years. Subsequently, he spent four years in a joint and interagency U.S. Intelligence Community assignment. Earlier in his career, he served in various command and staff positions in the U.S., Europe, the Caribbean, Latin America, the Middle East, Southwest Asia, and Africa, overseeing humanitarian, crisis, contingency, and combat operations.
During his service, Dick Lake received a variety of U.S. and foreign military decorations, including the Secretary of the Navy's Distinguished Service Medal, the Director of National Intelligence's National Intelligence Distinguished Service Medal, the CIA's Director's Award, the CIA's Distinguished Intelligence Medal, the National Clandestine Service's Donovan Award, and the Defense Intelligence Director's Award.
This is getting to be a little too similar to other operations that leave big government with "no choice" but to help out its citizens.
Good thing that the US government never gets hacked, and that the OPM is now so secure that no one can ever steal personnel info again ...
Same with Experian, Capital One, and the list just goes on.
That Gates name comes up behind almost everything manipulative and evil.
“ Good thing that the US government never gets hacked,”
Indeed. Also a good thing our credit card databases never get hacked every now and then. Or password databases..
We can be sure it’s already happened in the U.S.A., more than once, but our overlords are hiding it and in denial.
Security of data is only as sound as the character of the people running it.
It happens all the time. I was being sarcastic.
Way back in those quaint days when companies would offer a bounty for new computer viruses, there was a strong suspicion that the companies themselves, or their competitors, would “create” new computer viruses to collect the bounty - from a competitor - or to inflate their own marketing numbers.
Some of these hacks are so massive that I suspect that there is a lot of the NSA’s own handiwork in the process. Either in creating/exploiting a flaw, or in allowing the flaw to be released into the wild.
If a large totalitarian government really wanted to control the world, what better way than to encourage these massive databases, and then allow them to be breached?
I started to post articles on the EU’s new eID and got sidetracked.
Will return to add more to the story.
“crore” is an Indian word for ten million; I had to look it up.
I hope they all get the email that says “I recorded you!!”
Then gives directions to pay in crypto or else they release the video...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.