Rs 500, 10 minutes, and you have access to billion Aadhaar details
Group tapping UIDAI data may have sold access to 1 lakh service providers#hack #hacking #security #data #dataleak #cyber #cyberattack
January 5 , 2018
It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email. What is more, The Tribune team paid another Rs 300, for which the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.
When contacted, UIDAI officials in Chandigarh expressed shock over the full data being accessed, and admitted it seemed to be a major national security breach. They immediately took up the matter with the UIDAI technical consultants in Bangaluru. Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepting that this was a lapse, told The Tribune: “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”
1 lakh illegal users
Investigations by The Tribune reveal that the racket may have started
around six months ago, when some anonymous groups were created on
WhatsApp. These groups targeted over 3 lakh village-level enterprise
(VLE) operators hired by the Ministry of Electronics and Information
Technology (ME&IT) under the Common Service Centres Scheme (CSCS)
across India, offering them access to UIDAI data.
CSCS operators, who were initially entrusted with the task of making
Aadhaar cards across India, were rendered idle after the job was
withdrawn from them. The service was restricted to post offices and
designated banks to avoid any security breach in November last year.Spotting an opportunity to make a quick buck, more than one lakh VLEs are now suspected to have gained this illegal access to UIDAI data to provide “Aadhaar services” to common people for a charge, including the printing of Aadhaar cards. However, in wrong hands, this access could provide an opportunity for gross misuse of the data. The hackers seemed to have gained access to the website of the Government of Rajasthan, as the “software” provided access to “aadhaar.rajasthan.gov.in”, through which one could access and print Aadhaar cards of any Indian citizen. However, it could not be ascertained whether the “portals” were genuinely of Rajasthan, or it was mentioned just to mislead. Sanjay Jindal said all of this could be confirmed only after a technical investigation was conducted by the UIDAI.
‘Privacy at risk’ “Leakage of Aadhaar data reveals that the project has failed the privacy test. At the recently concluded 11th WTO Ministerial Conference, India submitted a written position on e-commerce, opposing the demand for negotiations on e-commerce by the US and its allies. The latter were demanding access to citizens’ database for free. The revelation by The Tribune also means that the proposed data protection law will now hold no purpose, as the data has already been breached. The state governments must immediately disassociate themselves and cancel the MoU signed with UIDAI,” said Gopal Krishan, New Delhi-based convener of the Citizens Forum for Civil Liberties, who appeared before the Special Parliamentary Committee that examined the Aadhaar Bill in 2010.
- 12:30 pm: This correspondent posing as ‘Anamika’ contacted a person on WhatsApp number 7610063464, who introduced himself as ‘Anil Kumar’. He was asked to create an access portal.
- 12:32pm: Kumar asked for a name, email ID and mobile number, and also asked for Rs 500 to be credited in his Paytm No. 7610063464.
- 12:35 pm: This correspondent created an email ID, aadharjalandhar@gmail.com, and sent mobile number ******5852 to the anonymous agent.
- 12:48 pm: Rs 500 transferred through Paytm.
- 12:49 pm: This correspondent received an email saying, “You have been enrolled as Enrolment Agency Administrator for ‘CSC SPV’. Your Enrolment Agency Administrator ID is ‘Anamika_6677’.” Also, it was said that a password would be sent in a separate mail, which followed shortly.
- 12:50 pm: This correspondent had access to the Aadhaar details of every Indian citizen registered with the UIDAI.
The perils of making Aadhaar mandatory and linking it to bank accounts, as insisted upon by Modi govt, are visible here. Do we need more proof to stop this madness? https://t.co/9OEbitCmDO— Sitaram Yechury (@SitaramYechury) January 4, 2018
‘AADHAR’ data breached yet again!— Randeep S Surjewala (@rssurjewala) January 4, 2018
As every citizen’s personal information is exposed to hackers everyday & ‘Right to Privacy’ is mocked and flouted with impunity, Modi Govt remains immune.
Is anyone listening?https://t.co/UDSfOlSWv9
This is dangerous and criminal negligence of data security. Kudos to the reporter for unveiling the racket. A crackdown on the culprits& a corrective step is imperative: Rs 500, 10 minutes, and you have access to billion Aadhaar details https://t.co/XiYWrzs04H via @thetribunechd— Nitin A. Gokhale (@nitingokhale) January 4, 2018
Rs 500. That's all it takes for someone to steal the data of a billion citizens. Envisioned by UPA as a tool for inclusion, #Aadhaar has become an identity theft nightmare under the NDA. https://t.co/bj5AWLR9JU— Congress (@INCIndia) January 4, 2018
Just hankering to state your article is as amazing. The clearness in your post is just decent and I can expect you are a specialist regarding this matter. Fine with your authorization permit me to snatch your encourage to stay up with the latest with prospective post. You're the best and please keep up the charming work. Nice and effective blog post. The content is too short but effective. I love the information you share here. It’s a well written blog post by you.
ReplyDeleteCustomer_care_number +06291633469
DeleteAny-problem call my agent (24*7) house-contect hair
Contact hair_toll free _1800300989
Customer care services 24/7 hours
Contact hair all number head office
Head office (all-india)___________
Your problem solved-
_______06291633469
_______07063539605
_______07047303458
_______08436046948
(All-india) contact hair_my head office
Call my assistant 24 hours available anyone______
__8670530538
__9631601580
Online detected your amount and pending your amount_problem call my agent assistance
__(24*7)__contect hair
__7478897537
Online problem call my assistant 24 hours available anywhy
All India contact my assistance is 24 hours available all India contact Hare all this number available
_
Customer_care_number +06291633469
Any-problem call my agent (24*7) house-contect hair
Contact hair_toll free _1800300989
Customer care services 24/7 hours
Contact hair all number head office
Head office (all-india)___________
Your problem solved-
_______06291633469
_______07063539605
_______07047303458
_______08436046948
(All-india) contact hair_my head office
Call my assistant 24 hours available anyone______
__8670530538
__9631601580
Online detected your amount and pending your amount_problem call my agent assistance
__(24*7)__contect hair
__7478897537
Online problem call my assistant 24 hours available anywhy
All India contact my assistance is 24 hours available all India contact Hare all this number available
_
Customer_care_number +06291633469
Any-problem call my agent (24*7) house-contect hair
Contact hair_toll free _1800300989
Customer care services 24/7 hours
Contact hair all number head office
Head office (all-india)___________
Your problem solved-
_______06291633469
_______07063539605
_______07047303458
_______08436046948
(All-india) contact hair_my head office
Call my assistant 24 hours available anyone______
__8670530538
__9631601580
Online detected your amount and pending your amount_problem call my agent assistance
__(24*7)__contect hair
__7478897537
Online problem call my assistant 24 hours available anywhy
All India contact my assistance is 24 hours available all India contact Hare all this number available
_
I don’t even know how I ended up here, but I thought this post was great. I do not know who you are but certainly you are going to a famous blogger if you aren't already ;) Cheers! Web design agency
ReplyDelete