This post has been self-published on Youth Ki Awaaz by synackscan. Just like them, anyone can publish on Youth Ki Awaaz.

Database Dump of 6000 Indian Companies Leaked

As soon as news was came out that hackers may have accessed sensitive data of more than 6000 Indian companies from National Internet Exchange of India, a statement was released by the spokesperson of NIXI ‘denying’ any such leak. The statement as reported by several news outlets not only fails to inspire any confidence but also raises several doubts about the security mechanisms in place. As per the news reports, the statement reads as below:

‘It has come to our knowledge that a business organization dealing with enterprise security solution has sent information to various news agencies that it has found that an advertisement was given on darknet announcing secret access to data bases of over 6000 business and ISPs, Government and private organization and the said actor is attempting to sell this database of Indian Registry for Internet Names and Numbers (IRINN). It claimed that seller’s ability to temper the IP allocation pool will cause huge outage or distributed denial of service. It also mentioned the names of several prominent private and Government entities were displayed by the actor. 

NIXI hereby clarifies that there has been no serious security breach of its IRINN system, as it has a robust security protocol in place. The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated Internet resources through IRINN System. There was an attempt to penetrate the system and hacker was able to collect some basic profile information of the contact persons of some of the affiliates which was displayed by him on the darknet. 

The existing security protocol of NIXI is robust and capable in countering such attacks. However, following this breach, security protocol has been further strengthened and review of existing infrastructure has also been initiated. 

We assure our affiliates and all concerned that our system is secured and security protocol in practice is capable of handling such attacks. The claim by the actor of Dark Net is audacious and far from truth.

(emphasis mine)

The tone of the above statement clearly shows that NIXI is trying to downplay the seriousness of the issue. If one reads closely, there is at least one thing very clear that there was, in fact, an attempt to penetrate NIXI and some data was stolen by the hacker(s). The original blogpost of seQtree InfoServices (the security arm of Quick Heal, who had tracked down the database leak) would show that the data which is now on sale is not just ‘some basic profile information’ as claimed by NIXI. The statement by the registry also fails to indicate the timeline as to when the alleged act of hacking took place and for how long they had knowledge of the breach. If NIXI was aware of the data breach then why it waited for a private company to announce data breach on their blog? We do not know if NIXI alerted the affected organisations and taken any preventive measures from further attacks? From the tenor of the statement, it is plausible that NIXI had no knowledge about the breach before seQtree informed them.

NIXI has also assured that their systems are secure and the security protocol is strong enough to avert any DOS type attacks. The statement released by NIXI is very vague and makes it difficult to estimate the extent of damage which can be caused with the type of leaked information. Can NIXI also ensure that the information leaked from the registry cannot be used by malicious hackers from starting a social engineering campaign to further compromise individual organisations? One needs to be reminded that on the list of affected organisations there are not only government websites but also organisations like UIDAI which retain private and sensitive data of private individuals, who will have no recourse if their information is abused for other ulterior purposes by hackers.

The response from NIXI is not only weak but also very opaque. In order to deal with such situations there needs to be more transparency and accountability in the manner in which organisations like NIXI protects itself and its customers from such threats. By barely denying and implicitly admitting the security loopholes in the system may save one from the wrath of media houses but would render sensitive data of thousands of people/ organisations exposed to malicious attacks by cyber criminals and rogue foreign/ domestic state actors alike.

 

SOURCES:

http://blogs.seqrite.com/cyber-intelligence-averted-major-internet-service-disruption-in-india/

http://www.moneycontrol.com/news/trends/current-affairs-trends/uidai-bse-among-6000-indian-organisations-reportedly-affected-by-data-breach-2404223.html/amp

National Internet Exchange denies breach in IRINN database http://www.ecoti.in/oMLbAZ

http://www.thehindubusinessline.com/info-tech/nixi-refutes-claims-of-serious-data-breach-of-india-internet-registry/article9886256.ece

 

Also available at author’s blog: https://synackscan.wordpress.com/2017/10/04/database-dump-of-6000-indian-companies-leaked/

Youth Ki Awaaz is an open platform where anybody can publish. This post does not necessarily represent the platform's views and opinions.

You must be to comment.

More from synackscan

Similar Posts

By Krishna Kant Tripathi

By Peeyush Kaushik

By Sruthi Sreekala

Wondering what to write about?

Here are some topics to get you started

Share your details to download the report.









We promise not to spam or send irrelevant information.

Share your details to download the report.









We promise not to spam or send irrelevant information.

An ambassador and trained facilitator under Eco Femme (a social enterprise working towards menstrual health in south India), Sanjina is also an active member of the MHM Collective- India and Menstrual Health Alliance- India. She has conducted Menstrual Health sessions in multiple government schools adopted by Rotary District 3240 as part of their WinS project in rural Bengal. She has also delivered training of trainers on SRHR, gender, sexuality and Menstruation for Tomorrow’s Foundation, Vikramshila Education Resource Society, Nirdhan trust and Micro Finance, Tollygunj Women In Need, Paint It Red in Kolkata.

Now as an MH Fellow with YKA, she’s expanding her impressive scope of work further by launching a campaign to facilitate the process of ensuring better menstrual health and SRH services for women residing in correctional homes in West Bengal. The campaign will entail an independent study to take stalk of the present conditions of MHM in correctional homes across the state and use its findings to build public support and political will to take the necessary action.

Saurabh has been associated with YKA as a user and has consistently been writing on the issue MHM and its intersectionality with other issues in the society. Now as an MHM Fellow with YKA, he’s launched the Right to Period campaign, which aims to ensure proper execution of MHM guidelines in Delhi’s schools.

The long-term aim of the campaign is to develop an open culture where menstruation is not treated as a taboo. The campaign also seeks to hold the schools accountable for their responsibilities as an important component in the implementation of MHM policies by making adequate sanitation infrastructure and knowledge of MHM available in school premises.

Read more about his campaign.

Harshita is a psychologist and works to support people with mental health issues, particularly adolescents who are survivors of violence. Associated with the Azadi Foundation in UP, Harshita became an MHM Fellow with YKA, with the aim of promoting better menstrual health.

Her campaign #MeriMarzi aims to promote menstrual health and wellness, hygiene and facilities for female sex workers in UP. She says, “Knowledge about natural body processes is a very basic human right. And for individuals whose occupation is providing sexual services, it becomes even more important.”

Meri Marzi aims to ensure sensitised, non-discriminatory health workers for the needs of female sex workers in the Suraksha Clinics under the UPSACS (Uttar Pradesh State AIDS Control Society) program by creating more dialogues and garnering public support for the cause of sex workers’ menstrual rights. The campaign will also ensure interventions with sex workers to clear misconceptions around overall hygiene management to ensure that results flow both ways.

Read more about her campaign.

MH Fellow Sabna comes with significant experience working with a range of development issues. A co-founder of Project Sakhi Saheli, which aims to combat period poverty and break menstrual taboos, Sabna has, in the past, worked on the issue of menstruation in urban slums of Delhi with women and adolescent girls. She and her team also released MenstraBook, with menstrastories and organised Menstra Tlk in the Delhi School of Social Work to create more conversations on menstruation.

With YKA MHM Fellow Vineet, Sabna launched Menstratalk, a campaign that aims to put an end to period poverty and smash menstrual taboos in society. As a start, the campaign aims to begin conversations on menstrual health with five hundred adolescents and youth in Delhi through offline platforms, and through this community mobilise support to create Period Friendly Institutions out of educational institutes in the city.

Read more about her campaign. 

A student from Delhi School of Social work, Vineet is a part of Project Sakhi Saheli, an initiative by the students of Delhi school of Social Work to create awareness on Menstrual Health and combat Period Poverty. Along with MHM Action Fellow Sabna, Vineet launched Menstratalk, a campaign that aims to put an end to period poverty and smash menstrual taboos in society.

As a start, the campaign aims to begin conversations on menstrual health with five hundred adolescents and youth in Delhi through offline platforms, and through this community mobilise support to create Period Friendly Institutions out of educational institutes in the city.

Find out more about the campaign here.

A native of Bhagalpur district – Bihar, Shalini Jha believes in equal rights for all genders and wants to work for a gender-equal and just society. In the past she’s had a year-long association as a community leader with Haiyya: Organise for Action’s Health Over Stigma campaign. She’s pursuing a Master’s in Literature with Ambedkar University, Delhi and as an MHM Fellow with YKA, recently launched ‘Project अल्हड़ (Alharh)’.

She says, “Bihar is ranked the lowest in India’s SDG Index 2019 for India. Hygienic and comfortable menstruation is a basic human right and sustainable development cannot be ensured if menstruators are deprived of their basic rights.” Project अल्हड़ (Alharh) aims to create a robust sensitised community in Bhagalpur to collectively spread awareness, break the taboo, debunk myths and initiate fearless conversations around menstruation. The campaign aims to reach at least 6000 adolescent girls from government and private schools in Baghalpur district in 2020.

Read more about the campaign here.

A psychologist and co-founder of a mental health NGO called Customize Cognition, Ritika forayed into the space of menstrual health and hygiene, sexual and reproductive healthcare and rights and gender equality as an MHM Fellow with YKA. She says, “The experience of working on MHM/SRHR and gender equality has been an enriching and eye-opening experience. I have learned what’s beneath the surface of the issue, be it awareness, lack of resources or disregard for trans men, who also menstruate.”

The Transmen-ses campaign aims to tackle the issue of silence and disregard for trans men’s menstruation needs, by mobilising gender sensitive health professionals and gender neutral restrooms in Lucknow.

Read more about the campaign here.

A Computer Science engineer by education, Nitisha started her career in the corporate sector, before realising she wanted to work in the development and social justice space. Since then, she has worked with Teach For India and Care India and is from the founding batch of Indian School of Development Management (ISDM), a one of its kind organisation creating leaders for the development sector through its experiential learning post graduate program.

As a Youth Ki Awaaz Menstrual Health Fellow, Nitisha has started Let’s Talk Period, a campaign to mobilise young people to switch to sustainable period products. She says, “80 lakh women in Delhi use non-biodegradable sanitary products, generate 3000 tonnes of menstrual waste, that takes 500-800 years to decompose; which in turn contributes to the health issues of all menstruators, increased burden of waste management on the city and harmful living environment for all citizens.

Let’s Talk Period aims to change this by

Find out more about her campaign here.

Share your details to download the report.









We promise not to spam or send irrelevant information.

A former Assistant Secretary with the Ministry of Women and Child Development in West Bengal for three months, Lakshmi Bhavya has been championing the cause of menstrual hygiene in her district. By associating herself with the Lalana Campaign, a holistic menstrual hygiene awareness campaign which is conducted by the Anahat NGO, Lakshmi has been slowly breaking taboos when it comes to periods and menstrual hygiene.

A Gender Rights Activist working with the tribal and marginalized communities in india, Srilekha is a PhD scholar working on understanding body and sexuality among tribal girls, to fill the gaps in research around indigenous women and their stories. Srilekha has worked extensively at the grassroots level with community based organisations, through several advocacy initiatives around Gender, Mental Health, Menstrual Hygiene and Sexual and Reproductive Health Rights (SRHR) for the indigenous in Jharkhand, over the last 6 years.

Srilekha has also contributed to sustainable livelihood projects and legal aid programs for survivors of sex trafficking. She has been conducting research based programs on maternal health, mental health, gender based violence, sex and sexuality. Her interest lies in conducting workshops for young people on life skills, feminism, gender and sexuality, trauma, resilience and interpersonal relationships.

A Guwahati-based college student pursuing her Masters in Tata Institute of Social Sciences, Bidisha started the #BleedwithDignity campaign on the technology platform Change.org, demanding that the Government of Assam install
biodegradable sanitary pad vending machines in all government schools across the state. Her petition on Change.org has already gathered support from over 90000 people and continues to grow.

Bidisha was selected in Change.org’s flagship program ‘She Creates Change’ having run successful online advocacy
campaigns, which were widely recognised. Through the #BleedwithDignity campaign; she organised and celebrated World Menstrual Hygiene Day, 2019 in Guwahati, Assam by hosting a wall mural by collaborating with local organisations. The initiative was widely covered by national and local media, and the mural was later inaugurated by the event’s chief guest Commissioner of Guwahati Municipal Corporation (GMC) Debeswar Malakar, IAS.

Sign up for the Youth Ki Awaaz Prime Ministerial Brief below