Pune based anti-virus provider Quickheal created ripples few hours ago, when they reported that critical data from more than 6000 establishments, businesses and organizations have been hacked, and put on sale on the darknet.
However, Govt. officials who are managing the entire Internet protocols in India have vehemently denied any such reports of data leak.
What is the truth here?
Quickheal: UIDAI, RBI, BSE, ISRO Data Leaked
Quick Heal’s Enterprise Security brand Seqrite reported that they have witnessed an advertisement posted on the darknet, wherein the seller is offering crucial data from leading Govt. and private organizations for 15 bitcoins, which is approximately Rs 42 lakh.
Along with their partner seQtree InfoServices, they traced the advertiser, and dug out details regarding the offer, and the results are alarming. They even disguised as buyers, and contacted the advertisers for their services.
The hackers have claimed to disrupt business operations of any business they want, on demand. Maybe the amount of bitcoins charged would be even more for such ‘request’.
Seqrite has said, “This can be a major tool of mass disruption if a non-state actor gets hands on it,”
Some of the organizations which, as per Quickheal, are affected include: UIDAI (Aadhaar), Idea Telecom, Bombay Stock Exchange (BSE), Flipkart, DRDO, Aircel, Reserve Bank of India, BSNL, SBI, TCS, ISRO, ICICI Prudential Mutual Fund, VMWare, Employees’ Provident Fund Organization, various Indian state government portals, and others.
Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal said, “We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on DarkNet, the above-mentioned organizations and enterprises can get affected,”
In fact, as per the reports, India’s national Internet registry IRINN (Indian Registry for Internet Names and Numbers) has been compromised, which comes under the National Internet Exchange of India (NIXI).
If this is indeed the case, then this may be the worst security hack ever reported in India.
Government Vehemently Denies Such Hack
As the news gained momentum, Govt. officials took charge, and they have issued statements.
National Internet Exchange of India (NIXI), which manages entire registry of Internet domains and protocols, have termed the claims of hack as “audacious and far from truth”.
In a statement, they have said that no such hack has ever taken place.
The statement said, “We assure our affiliates and all concerned that our system is secured and security protocol in practice is capable of handling such attacks. The claim by the actor of Dark Net is audacious and far from truth.”
However, NIXI said that an ‘attempt’ was indeed made, and some basic information of users were extracted. But the system implemented by NIXI didn’t allow any further hack.
NIXI said, “The existing security protocol of NIXI is robust and capable of countering such attacks. However, following this breach, security protocol has been further strengthened and review of existing infrastructure has also been initiated,”
We will keep you updated as we receive more information.
"Hacked! Critical Data From UIDAI, BSE, RBI, ISRO Up For Sale On Darknet!",