India’s cyber defenses breached and reported; govt. yet to fix it

Two weeks on, and after repeated follow ups, the country’s nodal agency is yet to give any update on remedial actions taken and breach notification processes followed.

(Subscribe to our Today’s Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

A server containing large backups of financial records, dozens of police reports exposing victims’ data, extremely sensitive government systems, and other utmost critical information holding databases have been breached by a team of ethical hackers going by the name Sakura Samurai.

The team performed analysis on their initial findings to further spot other possible areas of weakness that led them to over 13,000 exposed Personally Identifiable Information (PII) of government employees and citizens. One of the security researchers, Robert Willis, discovered an application that can allow hackers to view the country’s Police department’s forensic reports and tooling, including other sensitive police records.

“These exposed records along with other various SQL server dumps and Rob’s [Robert] Police Record Exposure is enough to constitute a data breach without even logging into any of the servers,” noted John Jackson, lead researcher of the Sakura Samurai team.

They reported their findings to the US Department of Defense Cyber Crime Center (DC3), which initiated contact with the India’s National Critical Infrastructure Information Protection Centre (NCIIPC). Following this, the security team shared its 34-page threat report to NCIIPC on February 8.

Two weeks on, and after repeated follow ups, the country’s nodal agency is yet to give any update on remedial actions taken and breach notification processes followed despite running a responsible vulnerability disclosure programme (RVDP).

Patching delays

The delay in patching the weakness could deepen the risk as a lot of citizen’s data isn’t being secured properly.

“Their [citizens] information can be stolen and used on their behalf, resulting in the loss of their accounts, private information sold on the darknet, or used in further campaigns for social engineering attacks which may result in the loss of money, or other assets,” Jackson told The Hindu.

Also Read | Massive breach fuels calls for U.S. action on cybersecurity

“The state [India] should be highly concerned because threat actors could be actively exfiltrating data or spying on secret government projects/operations.”

The weaknesses in the cyber defense system exposed by Sakura Samurai “needs to be patched in a month, far less if they can manage it,” Jackson added.

Usually, fixing exposed credentials and files can be a fast process, but remote code execution weaknesses may take longer to fix as the application needs to be upgraded to its latest version.

India’s cyber defense is exposed roughly two months after Russian hackers breached the US government and private entities by using a vulnerability in the network systems of SolarWinds. The December attack compromised Microsoft’s source code, allowing hackers view the code in a number of source code repositories.

You have reached your limit for free articles this month.

Subscription Benefits Include

Today’s Paper

Find mobile-friendly version of articles from the day’s newspaper in one easy-to-read list.

Unlimited Access

Enjoy reading as many articles as you wish without any limitations.

Personalised recommendations

A select list of articles that match your interests and tastes.

Faster pages

Move smoothly between articles as our pages load instantly.


A one-stop-shop for seeing the latest updates, and managing your preferences.


We brief you on the latest and most important developments, three times a day.

Support Quality Journalism.

*Our Digital Subscription plans do not currently include the e-paper, crossword and print.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *