Results 1 to 11 of 11

Thread: OK maybe Saracen has a point - *massive* data breach in India

  1. #1
    mush-mushroom b0redom's Avatar
    Join Date
    Oct 2005
    Location
    Middlesex
    Posts
    3,138
    Thanks
    130
    Thanked
    300 times in 229 posts
    • b0redom's system
      • Motherboard:
      • Some iMac thingy
      • CPU:
      • 3.4Ghz Quad Core i7
      • Memory:
      • 24GB
      • Storage:
      • 3TB Fusion Drive
      • Graphics card(s):
      • nViidia GTX 680MX
      • PSU:
      • Some iMac thingy
      • Case:
      • Late 2012 pointlessly thin iMac enclosure
      • Operating System:
      • OSX 10.8 / Win 7 Pro
      • Monitor(s):
      • Dell 2713H
      • Internet:
      • Be+

    OK maybe Saracen has a point - *massive* data breach in India


  2. #2
    Admin Saracen's Avatar
    Join Date
    Jul 2003
    Posts
    17,558
    Thanks
    853
    Thanked
    3,023 times in 2,141 posts

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Well, that might have been an interesting read .... but Engadget's site just keeps permanently refreshing, and/or presents me with a solid black block where text should be. So after 10 minutes wasted, I gave up.

    Oh well.
    Noli nothis permittere te terere.


  3. #3
    Hooning about Hoonigan's Avatar
    Join Date
    Sep 2011
    Location
    Renfrew, Scotland.
    Posts
    1,444
    Thanks
    114
    Thanked
    248 times in 170 posts
    • Hoonigan's system
      • Motherboard:
      • MSI Z270 Gaming M7
      • CPU:
      • Intel Core i7 7700k @ 5.0GHz
      • Memory:
      • 16GB Corsair Vengeance LPX DDR4 3200MHz
      • Storage:
      • 512GB ADATA GAMMIX S10 NVMe, 256GB Samsung PM961 NVMe, 120GB Corsair Force 3, 500GB WD HDD
      • Graphics card(s):
      • EVGA NVIDIA GTX 1070 SC
      • PSU:
      • Enermax Modu 82+ 525w
      • Case:
      • BeQuiet Dark Base Pro 900
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • LG 34UM95-P 3440 x 1440 Ultra-Wide
      • Internet:
      • Virgin Media Vivid 300

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Quote Originally Posted by Saracen View Post
    Well, that might have been an interesting read .... but Engadget's site just keeps permanently refreshing, and/or presents me with a solid black block where text should be. So after 10 minutes wasted, I gave up.

    Oh well.
    India's government Aadhaar database, which holds personal information of over one billion Indian citizens, was allegedly breached, BuzzFeed News reports. Along with demographic info, the database also contains biometric data like fingerprints and iris scans. Indian publication The Tribune reported earlier today that it was able to access any registered citizen's demographics after it was granted admin access by an anonymous individual. In just 20 minutes, a reporter was given an administrator ID and a password after contacting the individual through WhatsApp and transferring what amounted to less than $8. Afterwards, the reporter was able to plug in anyone's Aadhaar number and get their name, address, postal code, photo, phone number and email. For an additional $5, the reporter was also able to get software that allowed them to print an Aadhaar card with anyone's number.

    An officer with the Unique Identification Authority of India (UIDAI), the government authority that runs Aadhaar, initially told The Tribune, "Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach." However, it later released a statement denying a breach, saying The Tribune's article was "a case of misreporting" and assured that "there has not been any Aadhaar data breach." But in the same statement it admitted that The Tribune report was an "instance of misuse of the grievance redressal search facility," suggesting that sensitive data was in fact accessed. India's Bharatiya Janata Party, one of the country's two major political parties, called The Tribune's report "fake news."

    BuzzFeed News got in touch with the person who allegedly sold The Tribune the admin access. The person said that they had paid around $95 for access themselves through a WhatsApp group and was told that they could then create as many usernames and passwords as they wished. Becoming an Aadhaar admin appears to allow you to create other admin accounts, a feature that seems like a fundamental flaw of the system. The person admitted to selling access to seven other people over the last week but said they didn't know they were breaking the law or compromising data security by doing so.

    Many have been critical of the database, data from which has been exposed before, for its lack of security and this alleged breach has just added fuel to the fire. Meghnad S, spokesperson for India's online SpeakForMe.in movement, told BuzzFeed News, "In its hurry to make Aadhaar mandatory and not ensuring data safety, the government has allowed shady vendors to exploit this data for their own gains."

  4. Received thanks from:

    Saracen (09-01-2018)

  5. #4
    Senior Member
    Join Date
    Jun 2005
    Posts
    799
    Thanks
    427
    Thanked
    58 times in 52 posts
    • Millennium's system
      • Motherboard:
      • Asus Z170 Pro Gamer ATX
      • CPU:
      • Intel i5 6600K @ 4.5GHz 4 core
      • Memory:
      • Corsair VPX 3000 DDR4 (16, 4*4)
      • Storage:
      • 500gb 850 Evo sata3 SSD, 2*2TB Green 5900 Raid 0
      • Graphics card(s):
      • MSI 390 8gb
      • PSU:
      • toughpower 1kw
      • Case:
      • Zalman Z3 Plus
      • Operating System:
      • Windows 10 64bit
      • Monitor(s):
      • VIEWSONIC VG2401MH 144hz (Solid)
      • Internet:
      • Origin ADSL Broadband, not really recommended.

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Considering this is India where half the government is incompetent and bribery and corruption are everywhere this is par for the course. I wish they would catch up to us.
    : n(baby):n(lover):n(sky)|>P(Name)>>not quite

    how do you spend your time online? (Hexus link)

  6. #5
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,217
    Thanks
    2,226
    Thanked
    2,787 times in 2,227 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Quote Originally Posted by Millennium View Post
    Considering this is India where half the government is incompetent and bribery and corruption are everywhere this is par for the course. I wish they would catch up to us.
    The problem is often the insider - doesn't have to be bribery or corruption. Ideology can be an influence - look at Snowden.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  7. #6
    mush-mushroom b0redom's Avatar
    Join Date
    Oct 2005
    Location
    Middlesex
    Posts
    3,138
    Thanks
    130
    Thanked
    300 times in 229 posts
    • b0redom's system
      • Motherboard:
      • Some iMac thingy
      • CPU:
      • 3.4Ghz Quad Core i7
      • Memory:
      • 24GB
      • Storage:
      • 3TB Fusion Drive
      • Graphics card(s):
      • nViidia GTX 680MX
      • PSU:
      • Some iMac thingy
      • Case:
      • Late 2012 pointlessly thin iMac enclosure
      • Operating System:
      • OSX 10.8 / Win 7 Pro
      • Monitor(s):
      • Dell 2713H
      • Internet:
      • Be+

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Here you go Saracen - how about a guardian link?

    https://www.theguardian.com/world/20...online-aadhaar

  8. Received thanks from:

    Saracen (09-01-2018)

  9. #7
    Senior Member Pob255's Avatar
    Join Date
    Apr 2007
    Location
    The land of Brum
    Posts
    9,760
    Thanks
    534
    Thanked
    1,158 times in 1,070 posts
    • Pob255's system
      • Motherboard:
      • Asus M5A99X EVO
      • CPU:
      • PhenomII x4 955 & CM Hyper 212+
      • Memory:
      • 2x 4gb Corsair Vengence 1600mhz cas9
      • Storage:
      • 250gb SATA Westerndigital + 500gb samsung +1tb Samsung
      • Graphics card(s):
      • Asus GTX560ti CuII
      • PSU:
      • Be Quiet E9 680w
      • Case:
      • HAF 912+
      • Operating System:
      • W7 Pro
      • Monitor(s):
      • Dell 21" ips something

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Quote Originally Posted by Millennium View Post
    Considering this is India where half the government is incompetent and bribery and corruption are everywhere this is par for the course. I wish they would catch up to us.
    You're damn right they should catch up with us and if they cannot manage 100% corruption then they should at least be up to three quarters corrupt by now.
    Slackers!

  10. #8
    boop, got your nose stevie lee's Avatar
    Join Date
    Sep 2007
    Location
    southport
    Posts
    2,452
    Thanks
    386
    Thanked
    361 times in 275 posts
    • stevie lee's system
      • Motherboard:
      • Gigabyte GA-870A-USB3
      • CPU:
      • Phenom II X6 1090T 6core 3.2ghz
      • Memory:
      • 8GB Corsair DDR3 1600 MHZ
      • Storage:
      • Hitachi 500, 640GB + 1TB. WDblue 2TB, Crucial M500 240GB
      • Graphics card(s):
      • Nvidia Palit 750 Ti
      • PSU:
      • Enermax Naxn 350 W
      • Case:
      • Xigmatech Midgard
      • Operating System:
      • Win 10 Home
      • Monitor(s):
      • 22" Samsung SM2233BW
      • Internet:
      • 20mb plusnet unlimited!

    Re: OK maybe Saracen has a point - *massive* data breach in India

    not sure whether we still do it or not but http://www.telegraph.co.uk/news/heal...-to-India.html some of the NHS was sending some data to india to be processed back in 2010.

    The possible risks of transferring patient data abroad were exposed last year when undercover reporters from ITV’s Tonight programme were able to buy health records which were processed in India from a private hospital in London
    *last year in this case being 2009

    so its happened before, happened again, and 'maybe' will happen again in the future.

  11. #9
    Admin Saracen's Avatar
    Join Date
    Jul 2003
    Posts
    17,558
    Thanks
    853
    Thanked
    3,023 times in 2,141 posts

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Thanks to Hoonigan and B0redom for the quotes. I guess I was being a lazy bleep, but truth is, time got me. Had to go out.

    So thanks.

    Quote Originally Posted by Millennium View Post
    Considering this is India where half the government is incompetent and bribery and corruption are everywhere this is par for the course. I wish they would catch up to us.
    What, catch up to us by sending most of it on unencrypted CDs thtough the post, or having military "intelligence" people leave it in a cab.

    Yup, if they caught up to us, that'd reassure me loads. Gross incompetence is, I guess, better than corruption, but the end result is the same.


    More serioulessly, it's not just massive government ID databases that worry me, though any such system needs to be designed and implemented so that NOBODY can access data they're not entitled to, and those authorised staff CANNOT do so without leaving an audit trail over which thdy have NO access. Such access levels would be a good use of biometric ID.


    What worries me more (much more) is corporate security. There, where security has a cost implication, there's a built-in motive to only do the minimum, not everything possible.

    For instance, earlier today I was reading Specsaver's Privacy Policy. Pretty inoccuous, right? Except that they database info you "volunteer", INCLUDING medical info. I always get asked if I have any medical conditions, and /or taking medication. Well, it gets databased.

    Next, they not only can share it with "partners" (which, IMHO, might have legitimate need), but can transfer it outside the UK, EU and EEA, and therefore outside Data Protection laws.

    But that's "okay" (HAH) because they do so with an "agreement" limiting usage.

    Then the kicker .... while they take security seriously, no security is perfect, and if it happens ..... 'we aren't liable'.

    So, they can record medical details provided for medical purposes, ship it all over the damn planet and aren't liable if they lose it?

    Well, wonderful. And Specsavers are hardly a corporate Satan.


    And people wonder why privacy is a hot button for me? :;
    Noli nothis permittere te terere.


  12. #10
    Senior Member
    Join Date
    Jun 2005
    Posts
    799
    Thanks
    427
    Thanked
    58 times in 52 posts
    • Millennium's system
      • Motherboard:
      • Asus Z170 Pro Gamer ATX
      • CPU:
      • Intel i5 6600K @ 4.5GHz 4 core
      • Memory:
      • Corsair VPX 3000 DDR4 (16, 4*4)
      • Storage:
      • 500gb 850 Evo sata3 SSD, 2*2TB Green 5900 Raid 0
      • Graphics card(s):
      • MSI 390 8gb
      • PSU:
      • toughpower 1kw
      • Case:
      • Zalman Z3 Plus
      • Operating System:
      • Windows 10 64bit
      • Monitor(s):
      • VIEWSONIC VG2401MH 144hz (Solid)
      • Internet:
      • Origin ADSL Broadband, not really recommended.

    Re: OK maybe Saracen has a point - *massive* data breach in India

    You're fast converting me Saracen

    lolz
    : n(baby):n(lover):n(sky)|>P(Name)>>not quite

    how do you spend your time online? (Hexus link)

  13. #11
    Admin Saracen's Avatar
    Join Date
    Jul 2003
    Posts
    17,558
    Thanks
    853
    Thanked
    3,023 times in 2,141 posts

    Re: OK maybe Saracen has a point - *massive* data breach in India

    Well, my concern is that many people sleepwalk into loss of privacy.

    I hope that by getting on my hobby horse from .... ahem .... time to time, people reading this will think about it. If they do, then I regard that as a result.

    Whether they agree, or actually do anythjng diferent, is up to them.

    Of course, most regulars here will have heard me say it before, and probably already have thought about it. It's just possible, however, that as the number of stories about data gathering like this, go up and we get a regular drip of corporate data cockups, people may realise that this is a ticking timebomb, and that before long it may be too late to do much.

    It may already be too late.

    It is certainly the case that nobody in the developed world, with the exception of the seriously rich, can entirely avoid leaving a digital footprint. All I can do is take every reasonable step to minimise mine.
    Noli nothis permittere te terere.


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •