The threat of cyber attacks in the digital age hit home, again, on October 16 when US-based cybersecurity firm Cyble Inc reported a data breach on Indian Prime Minister Narendra Modi’s website narendramodi.in.
First indications of the website being compromised came on September 3, 2020, when Twitter confirmed that Modi’s personal account had been hacked. The hack was followed by a series of tweets sent through the account, asking people to donate to several relief funds with cryptocurrency. Cyble’s subsequent investigation revealed that the Twitter account had been compromised through Modi’s website’s notification linked with Twitter. Cyble has claimed in its blog that it had informed India’s Computer Emergency Response Team (CERT-In) about its findings on September 3.
On October 10, Cyble discovered that data from the website had been leaked on the dark web. One of the leaked databases included personal information of users who had donated funds to the PM Relief Fund and several other such funds for the PM’s pet causes such as “Beti Bachao Beti Padhao (girl child education)”. According to Cyble, personal information of 5,70,000 users of the website, including names and contact details, was available on the dark web. One of the databases also included bank-related information from some users.
CERT-In didn’t reply to Inc42’s queries about the data leak by the time of publication.
The dark web refers to a network of decentralised websites where users’ data can’t be tracked. These websites aren’t indexed by search engines and often end with the suffix .onion. Many such websites host marketplaces for hackers and data criminals where they can buy or sell stolen data or hacking tools.
In most instances, data once available on the dark web cannot be pulled down by third parties. However, several sites are routinely pulled down by the hosts themselves, for reasons ranging from the threat of law enforcement agencies to scamming their customers on the dark web.
“With such a large repository of unauthorized personal information of Indian citizens, the data has a potential for being misused for malpractices such as phishing emails, spam text messages, etc,” wrote Cyble in its blog post.
Data Hacks For Cyber Warfare
Vineet Kumar, the founder of Cyber Peace Foundation (CPF), a think tank of cybersecurity and policy experts, says that with increased digitisation of companies and their processes, data has become the new oil. Hence, anti-social elements are drawn to hacking and other sophisticated practices to launch modern-age attacks on people and countries.
“There have been instances where Indian government websites have been hacked by China-based actors. These are examples of tactics being employed for cyber warfare,” says Kumar, also acknowledging that in some cases, money is the only motivation for hackers.
“You get good money when you sell users’ data on the dark web. Hackers discovering vulnerabilities and using SQL injections to pull entire databases remains a common practice for hacking.”
Indian Startups Don’t Prioritise Cybersecurity
Last week, Cyble also discovered that data of users on Indian matchmaking platform BharatMatrimony was being sold on the dark web. The hacker behind the leak was believed to have exploited an SQL injection vulnerability. Cyble said that the data was being sold by the hacker in various cybercrime forums for as low as $500 equivalent in Bitcoins, a popular cryptocurrency. Earlier this month, Inc42 reported on a data leak on Indian edtech platform Edureka, with at least 2 Mn users impacted. Government-sanctioned travel marketplace RailYatri also suffered a significant data breach in August this year, which left the data of 7 lakh users exposed.
Kumar feels that as Indian startups scramble to lure investors and raise growth capital in an intensely competitive market, ensuring the security of users’ data is the last of their concerns.
“I think startups and SMEs are particularly lax in terms of ensuring cybersecurity. They only take it seriously after the breach has happened, which is very irresponsible, but a sign of our times. Amid the pandemic, the world has moved very quickly to digital processes and somewhere, we forget the perils of technology,” says Kumar.
“You’ll see a lot of these Indian startup platforms get hacked in the near future. Hackers know that lapses will happen here since cyber hygiene isn’t being maintained by these companies.”
Kumar’s observations can be verified with data released by the Indian government, which suggests that even government-run websites remain vulnerable to cyber attacks.
Indian Govt Websites Face Cyber Attacks
Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019.
According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyber attacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.
Kumar maintains that the growing instances of cyber attacks haven’t led to a much-needed awareness about cybersecurity amongst Indian companies.
“There is much being done by CERT-In. They put out advisories to help companies secure their online platforms and make it a safe space for their users. However, smaller companies prioritise growth over anything else. In most instances, after the discovery of the data leak, most Indian companies don’t even acknowledge it or they downplay the threat factor because they worry it will affect investor sentiment,” says Kumar.
When asked about steps that users can take to secure their data that is stored with several websites, Kumar says password protection is the best bet.
“Most people use the same password for multiple platforms. Hackers are aware of this. If data from one platform is compromised, your data on other platforms will also become vulnerable to an attack. Different passwords for every platform, and regularly changing security credentials is the need of the hour. Apart from that, users are at the mercy of the websites they use and the cybersecurity measures put in place by these platforms,” Kumar says matter-of-factly.