ICMR Data Breach Investigation Leads to Arrests Across States

This significant data breach and the subsequent arrests underscore the increasing importance of cybersecurity in an era where personal information is more vulnerable than ever.

Two months after the discovery of a massive data breach involving personal information of over 81 crore Indian citizens from the Indian Council of Medical Research (ICMR) database, authorities have taken significant steps in response. Delhi Police, following a meticulous investigation, arrested four individuals from different states. During the interrogation of the suspects, a shocking revelation emerged as they not only claimed to be responsible for the ICMR data breach but also asserted their involvement in stealing data from the Federal Bureau of Investigation (FBI) and the Computerised National Identity Card (CNIC), Pakistan's counterpart to India's Aadhaar card. This information was reported by The Indian Express.

Insights from Central Agencies

A senior officer from a central intelligence agency shed light on the ongoing investigation. Delhi Police initiated the investigation earlier this month, resulting in the filing of a First Information Report (FIR). Subsequently, four individuals from diverse backgrounds were taken into custody. This group comprised a B.Tech degree holder from Odisha, two school dropouts from Haryana, and an individual from Jhansi. A Delhi court has remanded them into police custody for a seven-day period. The arrested individuals disclosed during their initial questioning that they had first crossed paths on a gaming platform approximately three years ago. Over time, their acquaintanceship developed into a friendship, eventually leading them down a path in pursuit of quick financial gains, according to the same officer.

Unearthing the ICMR Data Breach

The data breach came to the forefront in October when intelligence officers stumbled upon the compromised data on the dark web. The exposed data included sensitive information, such as Aadhaar and passport records. Swiftly, the matter was reported to the Indian Computer Emergency Response Team (CERT-In), the national body responsible for addressing cybersecurity threats like hacking and phishing. CERT-In acted promptly, seeking to verify the authenticity of the exposed data. Relevant government departments were contacted to cross-reference the information with official records. A sample of data, drawn from around 1 lakh individuals, underwent scrutiny. Out of these, information from 50 individuals was found to match the data retrieved from the dark web.

Considering the gravity and sensitivity of the situation, an immediate investigation was launched, culminating in the arrest of the four suspects last week. Authorities continue to delve into the modus operandi behind the data theft, as emphasized by the official.

Role of Resecurity in Detection

Interestingly, American cybersecurity and intelligence agency Resecurity played a pivotal role in uncovering the breach. In a blog post, they detailed the incident, explaining that on October 9, a threat actor operating under the pseudonym 'pwn0001' had posted a thread on Breach Forums, offering access to 815 million records of "Indian Citizen Aadhaar & Passport." Resecurity's HUNTER unit had detected millions of personally identifiable information records, including Aadhaar cards, belonging to Indian residents, being peddled on the Dark Web in early October.

Meanwhile, in a previous statement, Union Minister of State for Electronics and IT, Rajeev Chandrasekhar, had briefed reporters in Bhopal about the situation. He acknowledged evidence of a data leakage and an ongoing investigation. Crucially, he clarified that the data was not stolen but was part of various departments' COVID-related information, encompassing testing, vaccination, diagnosis, and more. Access had been granted to multiple individuals, raising suspicions of a potential leak, which prompted the investigative efforts.
