An American cybersecurity agency, Resecurity’s HUNTER unit, first noticed this breach when they came across the personal data of millions of Indians being put up for sale on the dark web. The HUNTER unit is based on HUMINT, which stands for HUMan INTelligence and can be defined as gathering intelligence through interpersonal contact and engagement rather than following technical processes, feed ingestion or automated monitoring. Further reports claimed that the personal details of more than 800 million Indians have been leaked through the Indian Council of Medical Research (ICMR). The number of citizens whose personal data is floating across the dark web is considerably larger than the population of many countries such as the UK, France and Italy.
The AADHAAR Dilemma: Previous Security Lapse in the National ID Database
In March 2018, the Aadhaar data breach exposed vulnerabilities within India’s biometric ID system, exposing 1.1 billion card details due to an unsecured API. Unfortunately, the incident failed to prompt the government to make lasting security changes. This led to the significant data leak uncovered recently, emphasizing the Central Government’s failure to heed the warning. Lazy data security practices persisted, jeopardizing citizens’ sensitive information. The repetition of such breaches amplified concerns about the government’s negligence in implementing necessary safeguards.
Paisa Phaenk Tamasha Dekh: Data Of Millions of Indians On SALE! Only @BreachForums
The BreachForums is one of the biggest Darknet Forums of the Darknet and is not a communications platform but a black market for hackers from all over the world. Massive databanks of leaked credentials, banking details, personal data and explicit materials are stolen and sourced from various corporations and governments and are put for sale here. Using the alias ‘pwn0001’, a threat actor put the personal data of more than 800 million Indian citizens on the forum. He claimed that the database contains Aadhaar and passport details and was willing to sell the entire dataset for $80,000. The dataset contains all information related to many fields such as name, father’s name, phone number, passport number and Aadhaar number, to name a few. With pwn0001 declining to reveal the source of the leak, the possibility of diagnosing the cause of the leak will remain challenging.
India Needs A Better Digital Protection System in the 21st Century: Why Is It Important?
The Aadhaar is a unique 12-digit identification number issued by the Central Government through the Unique Identification Authority of India. It can be used to prove one’s residency in India and apart from one’s standard information, it also includes core biometrics details of ten fingerprints and two iris scans. Since its introduction in 2009, about 1.4 billion Aadhaars have been issued by the UIDAI, making it one of the most extensive biometrics ID programs on the planet. Described as one of the most sophisticated ID systems ever, the Aadhaar not only acts as a digital ID but also helps facilitate electronic payments and is compatible with various Indian financial institutions. With the passing of the Election Laws Amendment Bill in December 2021, the databases of the Aadhaar and Election Commission were combined. Critics and activists warned that this move could profoundly affect the status of eligibility of many voters.