Dark Web’s Aadhaar leaks expose India’s digital dilemma
Resecurity recently made public a sizable collection of personally identifiable information (PII) pertaining to citizens of India. This disturbing revelation shows that Aadhaar cards and other sensitive data are being traded on the infamous Dark Web.
Understanding Aadhaar
Aadhaar, the unique 12-digit identification number issued by the Unique Identification Authority of India (UIDAI) on behalf of the Indian government, has been at the heart of this discovery. Although enrollment in the Aadhaar system is voluntary and the number primarily serves as proof of residence in India, it has increasingly become an integral part of the lives of Indian residents.
The system, which has issued over 1.4 billion Aadhaar IDs since its inception in 2009, stands as one of the most extensive biometric ID programs globally. It includes core biometric data such as ten fingerprints and two iris scans, facilitating a range of digital services, including electronic payments, online Know Your Customer (e-KYC) verification, and compatibility with various Indian financial platforms. Additionally, Aadhaar simplifies processes like e-tax filing, bill payments, and financial asset management.
Linking Aadhaar and Voter Registration
However, the linkage of Aadhaar with voter registration has raised significant concerns. As of February 2023, approximately 60% of eligible Indian voters, amounting to a staggering 945 million people, had connected their Aadhaar cards to their voter IDs. Yet, this move has sparked debates, with critics expressing apprehension over potential disenfranchisement and privacy-related issues.
Controversies Surrounding Aadhaar
While Aadhaar has been praised for its utility, it has also faced criticism. Prior to Moody’s concerns regarding the reliability of Aadhaar’s biometric authentication controls, a 2022 Brookings report highlighted various issues, including an insecure ecosystem, lack of data standards, and concerns about transparency and accountability within the UIDAI. An audit by the Comptroller and Auditor General (CAG) of India in April 2022 revealed that the UIDAI had neither adequately regulated its client vendors nor adequately safeguarded their data vaults.
Dark Web Sale of Indian Data
On October 9th, an individual using the alias ‘pwn0001’ posted a thread on Breach Forums, advertising access to an astonishing 815 million “Indian Citizen Aadhaar & Passport” records. To put this into context, India’s entire population is just over 1.486 billion people. Shockingly, ‘pwn0001’ was willing to part with the entire Aadhaar and Indian passport dataset for a staggering $80,000.
The dataset offered by ‘pwn0001’ comprises an extensive array of PII fields belonging to Indian citizens, encompassing details such as names, fathers’ names, phone numbers, passport numbers, ages, addresses, and more. Regrettably, the source of this data leak remains undisclosed.
At the same time, ‘pwn0001’ provided spreadsheets containing fragments of Aadhaar data as evidence. Resecurity’s analysts verified the authenticity of Aadhaar credentials in one of these samples through a government portal’s “Verify Aadhaar” feature.
Another Data Leak Raises Concerns
On August 30th, an individual using the alias ‘Lucius’ posted a thread on Breach Forums, publicizing a 1.8-terabyte data leak that affected an undisclosed “India internal law enforcement organization.” This leak contained an even more extensive array of PII data, including Voter IDs and driving license records. The reference to law enforcement in the post by ‘Lucius’ may be an attempt to obscure the true source of the data.
Implications of Data Leaks
The exposure of Indian PII data on the Dark Web poses a substantial risk of digital identity theft. Cybercriminals can exploit these stolen credentials for various financially motivated scams, such as online banking theft and e-tax refund frauds.
India’s Cybersecurity Landscape
Resecurity’s findings align with the growing prominence of India in the global cyber threat landscape. India has emerged as a top target for cyberattacks, ranking highly in online banking malware detection and all malware detections in the first half of 2023, according to vendor surveys.
Indian businesses have witnessed an increase in disruptive cyberattacks, with government and essential services organizations experiencing a substantial rise. Ransomware attacks have become a significant concern, and India has experienced a high incidence of such attacks in Southern Asia.
Given India’s economic growth and increasing geopolitical importance, it has become an attractive target for cyber threat actors. Geopolitical rivalries, such as India’s relationship with China and the U.S.’s efforts to strengthen ties with India, further underscore the importance of securing sensitive data.
The Ongoing Threat
Despite the growing threat landscape, many Indian citizens remain unaware that their data is being sold online. Additionally, the Indian government has been defending the reliability and security of Aadhaar data, even as data breaches continue to occur. The turmoil in the Middle East has contributed to the increase in Aadhaar data breaches, as hacktivists capitalize on the chaos to profit from stolen data on the Dark Web.
Beyond Text Data
Cybercriminals are also marketing scanned IDs from breached systems, intensifying the risk of identity theft and fraud, particularly in online banking and e-commerce.
The leakage of PII data, including Aadhaar information, on the Dark Web poses a substantial risk to Indian citizens. Threat actors use this stolen information for various cyber-enabled financial crimes, emphasizing the need for increased vigilance and cybersecurity measures.
Source: Resecurity