Seqrite detects security breach at India's National Internet Registry

CIOL Writers
New Update

Cyber Solutions company, Seqrite along with its partner seQtree detected and notified the Indian government about a security breach at India's National Internet Registry- IRINN (Indian Registry for Internet Names and Numbers). The company in their blog post said that they discovered about the breach via an advertisement that the hackers had apparently had put up as - “access to the servers and database dump of an unspecified Internet Registry” on a darknet platform.


The advertisement posted by the hackers on the darknet forum reads, "As mentioned in the title, selling a database of one of the biggest Internet Protocol controller. In client Database, you can get a username, email ids, passwords, organization name, invoices/billing documents, and few more important fields. You can also control IP range of respective organization. You can entirely shut down that organization. Selling it for 15 BTC (15 BTC evaluates to Rs 42 lakhs).”

The company said that on noticing the broadcast advertisement, the team realized that the persona was created recently – an ongoing trend seen with other recent data breaches. They then contacted the actor for further details, posing as an interested buyer, and were finally able to get a sample of the email list.

The email list contained data of several government organizations, telecom companies, multiple financial institutions and technology companies such as Unique Identification Authority of India(UIDAI), Bharat Sanchar Nigam Limited(BSNL), Bombay Stock Exchange(BSE), and many others.

Ankush Johar, Director, said, "Disrupting the internet is one small part of the real risks if the data falls into wrong hands. If exploited, a malicious user could infect even the most trusted and secured websites & servers to display real looking, backdoored pages and steal critical information of hundreds of millions of Indians." He further said that the security breach is a wake-up call for the Indian government suggesting the present security mechanisms are not enough to safeguard the citizens of the country.

cyber-security data-breach