Global IT security firm Quick Heal's Enterprise Security brand Seqrite has discovered an advertisement on DarkNet forum that claims to have access to data of over 6,000 Indian businesses that include Internet Service Providers (ISPs), some of the key government organisations, banks and enterprises.Seqrite Cyber Intelligence Labs, along with its partner seQtree InfoServices, tracked the advertisement where the unknown hacker has priced the information at 15 Bitcoins (nearly Rs 42 lakh) and is offering network takedown of affected organisations for an unspecified amount, the company said in a statement on Tuesday."This can be a major tool of mass disruption if a non-state actor gets hands on it," Seqrite said on its website. The organisations whose services may be at risk are: UIDAI (Aadhaar), Idea Telecom, Bombay Stock Exchange (BSE), Flipkart, DRDO, Aircel, Reserve Bank of India, BSNL, SBI, TCS, ISRO, ICICI Prudential Mutual Fund, VMWare, Employees' Provident Fund Organisation and various Indian state government portals, among others."We have alerted the government authorities well within time.
If someone gets control over this massive data that is currently up for sale on DarkNet, the above mentioned organisations and enterprises can get affected," Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal, told IANS.Following a detailed investigation, researchers identified the affected organisation as India's national Internet registry IRINN (Indian Registry for Internet Names and Numbers) which comes under the National Internet Exchange of India (NIXI). As a precautionary measure, Seqrite reached out to the government authorities and Asia Pacific Network Information Centre (APNIC), recommending to them to alert all potentially affected organisations and urge them to change passwords and get their servers and systems patched with latest updates.
According to the researchers, the seller claims to have the ability to tamper the IP allocation pool, which could result in a serious outage or Denial of Service (DoS) attack-like condition."This could impact various content delivery network (CDN) and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India," the company said."Along with the access, the hacker is also selling credentials and various contractual business documents and claims to have access to a large database of Asia Pacific Network Information Centre (APNIC)," it added.The IRINN provides allocation and registration services of IP addresses and autonomous system numbers. It comes under NIXI which "is the neutral meeting point of the ISPs in India with the primary objective being the facilitation of exchange of domestic Internet traffic between peering ISP members".