Hacked data from India’s NIXI IRINN up for sale on darknet; cybersecurity expert warns of misuse

A cyber security company Seqrite, along with its partner seQtree on 29th September, discovered a possible breach at India’s National Internet Registry and notified it to the Indian government.

Must Read

Over 50% candidates with Hindi, regional languages clears UPSC civil service exam in 2018

In 2018, a total of 812 candidates were recommended for central civil services, among them 485 candidates were those who had chosen Hindi or other regional languages as mother tongue

Modi govt to amend IT Act to trace rogue messages on WhatsApp

The Union government said that to trace rogue messages on platforms such as WhatsApp, it has proposed to amend the Information Technology (Intermediaries Guidelines) Rules, 2011 of the IT Act, 2000

Modi govt mulling to bring national level blockchain framework

While replying to question in the Lok Sabha, the Union minister of state for electronics and IT Sanjay Dhotre said that an approach paper on National Level Blockchain Framework is being prepared
Sanjay Singh
Sanjay Singh
Sanjay Singh covers startups, consumer electronics and telecom for TechObserver.in

A cyber security company Seqrite, along with its partner seQtree on September 29 discovered a possible breach at India’s National Internet Registry and notified it to the Indian government. The company in their blog said that they discovered about the breach via an advertisement that the hackers had apparently had put up as – “access to the servers and database dump of an unspecified Internet Registry” on a darknet platform. Upon further research and interacting with the seller, the team confirmed that the breach was legitimate and the unspecified registry was when they discovered critical data of some of the most important and high-profile organizations of India.

Indian Registry for Internet Names and Numbers (IRINN) provides allocation and registration services of IP addresses (the internet address used by devices to reach other devices on the internet) and Autonomous System numbers. It comes under NIXI (National Internet Exchange of India) which “is the neutral meeting point of the ISPs in India with the primary objective being the facilitation of exchange of domestic Internet traffic between peering ISP members.” – reads their website.

The dealer, during a conversation with the security team which was posing as an interested buyer, said “In client Database you can get username, email ids, passwords, organisation name, invoices/billing documents, and few more important fields. You can also control IP range of respective organisation. You can entirely shut down that organisation.

“Disrupting the internet is one small part of the real risks if the data falls into wrong hands. If exploited, a malicious user could infect even the most trusted and secured websites & servers to display real looking, backdoored pages and steal critical information of hundreds of millions of Indians,” said Ankush Johar, Director of BugsBounty.com – A crowd-sourced security platform for ethical hackers and organisations.

“This is a big wakeup call for the government of India suggesting that the present security mechanisms might not be enough to safeguard the citizens of the country,” he added.

“Learning from other governments overseas might do the job for India too. It’s time to crowdsource the security of such critical applications because it’s simply better to have ten thousand ethical hackers to verify the security instead of a few hundred security analysts and all this can be done via bug bounty programs that allow efficient utilization of ethical hackers in India. Even The US Army and The US Navy have successfully conducted bug bounty programs in the past, now it’s time for Indian organisations to open up to crowd-sourced security”

- Advertisement -
avatar
1000
  Subscribe  
Notify of
- Advertisement -

Latest in TECH

Modi govt mulling to bring national level blockchain framework

While replying to question in the Lok Sabha, the Union minister of state for electronics and IT Sanjay Dhotre said that an approach paper on National Level Blockchain Framework is being prepared
- Advertisement - ESDS eNight Cloud Hosting

Related Articles