A report shows that around 3000 government email IDs were found to be compromised recently. The breached email IDs reportedly have 'gov.in' extension with them. Moreover, the IDs and the passwords are available in plain text across multiple databases of leaked emails, as per the reports.
The Quint has reportedly found at least twenty government official email IDs among the leaked ones. The list includes various ministry departments and government individuals from Bhabha Atomic Research Centre, ISRO, Securities and Exchanges Board of India and Atomic Energy Regulatory Board.
Most of the breached email IDs belong to the "former and current ambassadors, serving and retired scientists in ISRO and senior bureaucrats" across the government, as the report suggests. There isn't any confirmation if this is a work of outsiders or not. We still don't have any leads on the leaked information yet.
However, it is clear that the leakage happened due to weak passwords. The Quint report clearly mentions:
According to independent cyber security researchers who have accessed the databases, a telling pattern among the compromised IDs is the weakness of the passwords.
We should mention that only the government officials under central and state or UT governments have access to the email Ids with 'gov.in' extension. This kind of incident forces us to wonder if the officials are carrying out their duty properly or not. Reports also indicate that hackers are especially targeting scientists, nuclear scientists, and researchers.
We are well informed about the North Korean cyberattack on Kudankulam Nuclear Power Plant on September 3rd. The reports reveal that research centers and institutions working on nuclear energy are mostly affected due to this. A Hyderabad based cybersecurity startup also recently found that over 3,000 government IDs to be compromised.
These are rising a major doubt among common people and the government bodies. Moreover, in the future, it can seriously bring harm to Indian national security.
Targets and the reason
Data breaching is a major problem worldwide. India is also a victim of data leakage and the last five years saw the rapid growth of it.
Hackers can leak public data from any kind of weak public portal. They introduce ransomware to attack the individual database and steal the data.
Sai Krishna Kothapalli, the founder of Hackrew says that, though our personal data is not public, any hacker can easily find the needed data with the help of technology at present.
What we have right now is a culmination of several such breaches that happened in the last seven years, obtained through various channels like some from deep web forums, IRCs, some from other dark web websites - Sai Krishna Kothapalli, the Founder of Hackrew
The result of the analysis simply indicates that the lack of strong passwords and enough security is resulting in data leakage. Most importantly, the leaked passwords exist in simple text. Therefore it will be easier to access the government email IDs if you use the same passwords for a long time.
Kothapalli says, "Right now, we have close to 1.85 billion credentials. Some of these came from breaches from other websites while others came from some secret lists which got leaked from various sources".
The scariest part of the whole incident is that most of the breached IDs belong to the nuclear research scientists, IT developers, and ISRO officials. The report also mentions that the hackers had sent phishing emails with malicious links to many senior nuclear scientists.
All the bits of information indicate to several unidentified hacking organization those are trying to steal data on thorium-based nuclear programs. If such practice is continued, the national security will be endangered.
The Government of India should take proper initiatives to stop such malpractice. Most of the leaked information is very important for the nation. Therefore, they should be maintained under the highest security with proper infrastructure. The officials must have basic training to secure such valuable information.
If the government does not give importance to such matters, ignorance may result in the destruction of our nation.