The enterprise arm of a Pune based IT security firm, Quick Heal, Seqrite has claimed they spotted an advertisement on DarkNet forum that claims access to data of over 6,000 Indian businesses. This means that sensitive information of organizations including service providers, banks and government has been breached by an unknown cybercriminal who has priced it at 15 Bitcoins (nearly Rs 42 lakh).
Seqrite Cyber Intelligence Labs, along with its partner seQtree InfoServices, tracked the advertisement where the unknown hacker is offering network takedown of affected organisations for an unspecified amount. They even disguised as buyers and contacted the advertisers for their services.
“This can be a major tool of mass disruption if a non-state actor gets hands on it,” Seqrite said on its website.
Organisations whose services may be at risk include UIDAI, Idea, BSE, Flipkart, DRDO, Aircel, RBI, BSNL, SBI, TCS, ISRO, EPFO, among several others.
According to the information, the nation’s internet registry was also hit by the attack, but the organization says the information obtained was trivial.
However, government officials managing the entire Internet protocols in India have denied any such leak.
The National Internet Exchange of India (NIXI) released a statement condemning the notice as announced by the Darknet hacker. The NIXI clarified that there was no serious breach of the Indian registry database. “There was an attempt to penetrate the system and hackers were able to collect some basic profile information of the contact persons of some of the affiliates which were displayed by him on the darknet. There has been no serious security breach of its IRINN system, as it has a robust security protocol in place. The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated Internet resources through IRINN System,” said a NIXI spokesperson.
The hackers have meanwhile claimed to disrupt business operations of any business they want, on demand. Maybe the amount of bitcoins charged would be even more for such ‘request’.