
ICMR DATA LEAKED AND UP FOR SALE ON DARK WEB


In Picture: Screenshot shared by Resecurity of a user “pwn0001” who claims to have the data and is ready to sell it for $80,000

The Indian Council of Medical Research (ICMR) is said to be the source from which the hackers stole the data of allegedly 81.5 crore Indian citizens. The Government of the Republic of India has not made any official remarks about the claim, and some ministers have informed the media that probes are underway to investigate it.


The seller claims he possesses the following data (and also some more):

1. Name

2. Passport Number

3. Father's Name

4. State

5. Gender

6. Phone Number

7. Aadhaar Number

8. Other Number

9. Age

10. Address

11. Pin code

12. District


The hacker has shared samples to prove that the data he is sharing is genuine and has made public the data of around four lakh individuals. Resecurity says it went ahead to verify the data and came to the conclusion that it was indeed genuine.


The Computer Emergency Response Team (CERT) has informed ICMR about the data leak, and the Central Bureau of Investigation would probe the matter if and when it receives a complaint from ICMR.

India has faced many attempted data leaks recently, and the ICMR data leak would be the biggest data leak in the history of our country (if the alleged number turns out to be true).


For a detailed understanding of concepts like data leaks and the dark web, continue reading the article.


Data Breaches and Dark Web


Who is a Hacker?


The definition of a hacker is quite complex and differs from person to person and organization to organization. For the sake of simplicity, any person skilled in information technology who uses their technological know-how to gain unauthorized access by breaching computer systems, servers, etc. can be called a hacker.


CISCO defines the same as - A hacker is a person who breaks into a computer system. The reasons for hacking can be many: installing malware, stealing or destroying data, disrupting service, and more. Hacking can also be done for ethical reasons, such as trying to find software vulnerabilities so they can be fixed.


Types of Hackers?


Hackers can be divided into three categories depending on the intent of their actions.


1. White Hat Hackers

Also commonly known as an ethical hacker, a white hat hacker is an individual who uses their skillset to identify vulnerabilities in systems (hardware, software or networks). They respect the rule of law and abide by it. They are legally permitted by organisations to seek vulnerabilities or exploits through penetration testing and other such tools. They also hack and disclose flaws and vulnerabilities to the company or product owner of any service which operates a bug bounty program.


2. Grey Hat Hackers

A grey hat hacker does the same work as a white hat hacker, i.e., finds vulnerabilities in systems to in turn get them fixed. Like black hat hackers, they sometimes violate laws or ethical standards, but they don’t have any malicious intentions.


3. Black Hat Hackers

Individuals who hack into systems with the malicious intent of causing harm and spreading havoc for their personal gain are black hat hackers. They are criminals who steal data from corporations and organisations, and they even make and plant malware for their gain. These are the hackers who engineer and execute data breaches (read about it later in this article) and at times even sell the data on the Dark Web (read about it later in this article).


World Wide Web (WWW)


Commonly known as the Web, it is a system which enables sharing content over the internet. It is a globally accessible database of information including many types of data, such as documents, images, videos, text and audio. The Web is based on several different technologies, the most famous being Hypertext Markup Language (HTML) and Hypertext Transfer Protocol (HTTP). It is a cross-platform information system and is open source, dynamic, interactive and ever evolving.


Types of Webs


1. Surface Web

As the name suggests, the surface web is the top, surface level of the whole Web. This portion is readily available to the general public and is searchable with standard search engines. The everyday activities we perform on the internet, like browsing, online content consumption (YouTube videos, news articles) and sharing information, are done on the surface web.


2. Deep Web

The invisible or hidden part of the web with content not accessible by search engines. Deep web sites can be accessed via the URL or IP address and these are generally password protected to prevent any unauthorised access. The content is either not for the general public or is sensitive and personal hence only accessible for specific individuals or organisations.


3. Dark Web

A private network where people can communicate remotely and conduct business anonymously, without divulging any information or locators about themselves. Dark Web websites can only be accessed via special browsers which are capable of onion routing (messages are encapsulated and encrypted in many layers like an onion, hence the name). Because it is anonymous, the dark web is also used for many crimes. Data stolen in data breaches is also sold here.

For easier understanding of the topic, take a picture as an example. Having a physical copy is like storing it on the Surface Web: anyone can interact with it. Storing it on a cloud service is like the deep web, as one needs your username and password to access it. The dark web is like storing the picture on your phone, hence special tools (having remote access) are the only way to access it.


Data Breach


"A data breach is any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data (Social Security numbers, bank account numbers, healthcare data) or corporate data (customer data records, intellectual property, financial information)." - IBM


"To define data breach: a data breach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission. Anyone can be at risk of a data breach — from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected." - Kaspersky


For a hacker, the information gathered during a data breach is like a data heaven which they can use to exploit any vulnerabilities; they even sell the same data on the dark web for monetary gain. Depending on its sensitivity, this data can be a huge problem for the individuals whose data is now in the wrong hands.
