Massive breach: Data of over 6,000 Indian companies affected

In one of the biggest data breaches ever reported in India, Seqrite Cyber Intelligence, a unit of BSE-listed Quick Heal Technologies, on Tuesday, October 3, 2017, tracked a broadcast advertisement that claims to have “secret access” to the database dump of over 6,000 Indian entities, including government agencies and private organizations.

Seqrite, along with its partner seQtree InfoServices, in a statement said it has “tracked an advertisement on DarkNet announcing secret access to the servers and database dump of over 6,000 Indian businesses.”

The affected organization has been identified as Indian Registry for Internet Names and Numbers (IRINN), which comes under National Internet Exchange of India (NIXI). In an email response to PTI, NIXI said, “The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated Internet resources through IRINN System.”

Following this breach, the security protocol has been further strengthened and a review of the existing infrastructure has also been initiated, NIXI said.

“We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on DarkNet, the concerned organizations and enterprises can get affected,” Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal, was quoted as saying in an IANS report.

The unidentified hacker has reportedly put up for sale the data of government organizations such as Unique Identification Authority of India (UIDAI), Defence Research and Development Organization (DRDO), Indian Space Research Organization (ISRO), Reserve Bank of India (RBI), Employees’ Provident Fund Organization (EPFO), State Bank of India (SBI), Bharat Sanchar Nigam Limited (BSNL), among several others.

Bombay Stock Exchange (BSE), Idea Telecom, Flipkart, Aircel, TCS, and ICICI Prudential Mutual Fund are some of the major Indian organizations that have been threatened by this massive data breach.

The seller has priced the information at 15 Bitcoins (around Rs 41.89 lakh). Researchers have suggested that the seller claims to have the ability to manipulate the IP allocation pool, which could result in a serious outage or a Denial of Service (DoS)-like condition.

“If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India,” Seqrite said.

Along with the access, the hacker is also selling credentials, Personally Identifiable Information (PII) and various contractual business documents, and claims to have access to a large database of the Asia Pacific Network Information Centre (APNIC).

To extract more information from the seller, the Seqrite team posed as an interested buyer. During the inspection, the firm was able to get a list of 6,000 emails, which led it to conclude that the affected organization was IRINN.

Cybersecurity firm Seqrite said that if the database was sold, then an attack on the system could disrupt Internet IP allocation and in turn affect Internet services in India.