Has the CIA already stolen India's Aadhaar database?

Project Dharma

meh
Senior Member
Joined
Oct 4, 2016
Messages
4,836
Likes
10,862
Country flag






How CIA Spies Access India’s Biometric Aadhaar Database
How CIA agents can access Aadhaar database via UIDAI certified company Cross Match.

By
Shelley Kasli
-
August 25, 2017
19369

Share on Facebook

Tweet on Twitter

Today WikiLeaks published secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world — with the expectation for sharing of the biometric takes collected on the systems. But this ‘voluntary sharing’ obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.

ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen.



The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.

Cross Match certified by UIDAI
Cross Match was one of the first suppliers of biometric devices certified by UIDAI for Aadhaar program. The company received the Certificate of Approval from the Indian Government in 2011. Cross Match received the Certificate of Approval for its Guardian fingerprint capture device and the I SCAN dual iris capture device on October 7, 2011. Both systems utilize Cross Match’s patented Auto Capture feature, which quickly captures high-quality images with minimal operator involvement.


The biometric devices (enrolment) from Cross Match have been granted the Certificate of Approval by UIDAI and STQC Directorate, Department of Information Technology, New Delhi
The Certificate of Approval, was issued after completion of all tests required to demonstrate compliance with the quality requirements of UIDAI. The certification body consists of the Standardization, Testing and Quality Certification (STQC) Directorate for the Government of India’s Department of Information Technology (DIT) and the UIDAI. The tests performed by the STQC included the following criteria: Physical & Dimensional, Image Quality, Environmental (Durability/Climatic), Safety, EMI/EMC, Security, Functional, Performance, Interoperability, Ease of Use & Ergonomics.


Follow
ikiLeaks

✔@wikileaks

Has the CIA already stolen India's #Aadhaar database? http://gginews.in/cia-spies-access-aadhaar-database/ … #modi

12:39 AM - Aug 25, 2017

How CIA Spies Access Aadhaar Database | GGI News
Today WikiLeaks published secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among...

gginews.in

Twitter Ads info and privacy





Follow
Great Game India @GreatGameIndia

How CIA agents can access #Aadhaar database via @UIDAIcertified company #CrossMatch #CIAadhaar #RightToPrivacyhttp://gginews.in/cia-spies-access-aadhaar-database/ …

4:05 PM - Aug 24, 2017

How CIA Spies Access Aadhaar Database | GGI News
Today WikiLeaks published secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among...

gginews.in

Twitter Ads info and privacy



Majority of the UIDAI certified enrollment agencies use Cross Match devices across India. Cross Match was also the first company to receive the Provisional Certificate for use in the UID program in September, 2010. Video featuring the Cross Match Guardian and I SCAN devices has been taken down from the official UIDAI website.

Francisco Partners
In 2012, Francisco Partners acquired Cross Match Technologies Inc. The company has more than 5,000 customers worldwide and over 250,000 products deployed in over 80 countries. Cross Match’s customers include the U.S. Department of Defense, Department of Homeland Security, U.S. State Department and various state and local governments; as well as numerous foreign governments and law enforcement agencies. It also provides biometric solutions to customers in transportation, critical infrastructure, financial services, education, and healthcare sectors.

One of Francisco Partners portfolio company is an Israeli cyber weapons dealer called NSO Group. The company’s Pegasus iOS malware was linked to attacks on iPhones of a prominent UAE activist and a Mexican journalist.

Researchers from the University of Toronto’s Citizen Lab and mobile security firm Lookout raised questions about the ethics of NSO Group, a government spyware provider founded by an alum of Israel’s vaunted intelligence agencies. Francisco Partners bought its stake in the company for $120 million in 2014. Citizen Lab uncovered NSO’s Pegasus malware targeting iPhones of a Mexican journalist and a UAE activist. The same day, FORBES reported that Francisco Partners added Circles to its roster of investments, another Israeli-founded surveillance firm, which sold contentious gear to hack a part of global telecoms networks, known as SS7. That cost the private equity firm $130 million, a source close to the deal told FORBES.

Spying governments, activists & journalists
Francisco Partners also ran Turkey’s spy operations by selling its deep packet inspection product for surveillance. Deep packet inspection enables surveillance at the outset. Its very purpose is to open up “packets” of data flying across networks and inspect them to check if they should pass. DPI has made headlines for controversial use cases. China, for instance, likes to use DPI in its infamous censorship and surveillance systems. Sunnyvale, California-based Blue Coat Systems, in which Francisco Partners was a significant investor, saw its DPI technology censoring the internet in Syria in 2011, just as the civil war was erupting. Human rights activists looked on agog, but Blue Coat later said resellers were to blame and that it had not given permission for the technology to be shipped to the country. One reseller was later slapped with a maximum fine of $2.8 million by the Bureau of Industry and Security (BIS). (Francisco Partners also has stakes in Barracuda Networks and Dell Software, which both ship DPI products).

Aadhaar’s biometric pioneer
The foundation of the Aadhaar program is based on biometric and demographic data that is unique to each citizen. This data can only be collected by leveraging biometric devices and compatible software – the second and third stages of the Aadhaar value chain.



Cross Match’s Indian partner for the UID program is Smart Identity Devices Pvt. Ltd. (Smart ID). Smart Identity Devices, or Smart ID, has been the biometric pioneer and leader for the Aadhaar program. Smart ID provides biometric technology, smart card, and information and communication technology products and services for numerous sectors, such as financial services, logistics, government, and IT security. Launching commercial operations in 2008, Smart ID is based in Noida, India and is led by Sanjeev Mathur. The company’s devices are being used by enrollment agencies across India for the Aadhaar program.

ACCORDING TO A RECENT STUDY BY RESEARCH AND MARKETS, INDIA’S BIOMETRICS MARKET IS FORECAST TO HIT ABOUT $2 BILLION BY 2018.



Smart ID’s products and services range from biometric products, to mobile application solutions, to services such as Aadhaar enrollment, training, project management, IT hosting, and business correspondent management. As of 2014, Smart ID was able to carry out enrollment activities across India in states such as, Jharkhand, Tamil Nadu, Orissa, Uttar Pradesh, West Bangal, and Madhya Pradesh. Smart ID has already enrolled more than 1.2 million citizens into the Aadhaar program through its enrollment agencies.


Cross Match Aadhar Uid Kit
In July 2011, the UIDAI recognized Smart ID as being one of the three best enrollment agencies in Aadhaar for enrolling more than 25 million citizens in a very short time frame. Cross Match’s own presentation prepared for UID study claims more than 620 million enrollments. These CIA bugged Cross Match Aadhar Uid Kit is also available on the open market. Even you can buy it for Rs 63,999 a pair.

The price of a Smart ID Patrol ID fingerprint scanner was approximately $2300 in 2014. And these devices were installed across the country. It would be interesting to know how much did the Indian government pay this CIA front company for the exercise. Lets say UIDAI installed 10,000 such bugged CIA devices across the country for enrollment (which is a very conservative estimate), the staggering cost would be 1473554800 Rs.



How CIA agents can access Aadhaar database in real-time
A number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record database. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media. For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlaying system is automatically infected and ransacked.

Fine Dining comes with a standardized questionnaire i.e menu that CIA case officers fill out. The questionnaire is used by the agency’s OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically “exfiltrating” information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are ‘Asset’, ‘Liason Asset’, ‘System Administrator’, ‘Foreign Information Operations’, ‘Foreign Intelligence Agencies’ and ‘Foreign Government Entities’. Notably absent is any reference to extremists or transnational criminals. The ‘Case Officer’ is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The ‘menu’ also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA’s ‘JQJIMPROVISE’ software to configure a set of CIA malware suited to the specific needs of an operation.


Here is the official training manual that contains the detailed steps for carrying out the installation and configuration of Cross Match for the Aadhaar Enrolment Client. This manual also describes the process of importing master data after downloading it from the UIDAI Admin Portal.


Official UIDAI training manual describing the process of importing master data after downloading it from the UIDAI Admin Portal


It is remarkable that Aadhaar and Al-Qaeda mean the same thing, which is “foundation” – Manu Joseph pointed out this tweetable fact in his piece on Live Mint. What we might add is that it is also remarkable that both Aadhaar and Al Qaeda are illegitimate sons of the same mother!
 

Project Dharma

meh
Senior Member
Joined
Oct 4, 2016
Messages
4,836
Likes
10,862
Country flag
Wikileaks says 'CIA can access Aadhaar database', government denies claim
WikiLeaks on Friday published documents that claims the United State's Central Intelligence Agency (CIA) is using specific tools to secretly collect Aadhaar data. These claims have been dismissed by the government.

By Zee Media Bureau | Last Updated: Saturday, August 26, 2017 - 07:57
1
Comment



New Delhi: WikiLeaks on Friday published documents that claims the United State's Central Intelligence Agency (CIA) is using specific tools to secretly collect Aadhaar data. These claims have been dismissed by the government.

Wikileaks documents claims CIA used ExpressLane – a cyber tool devised by Cross Match Technologies. “ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.

Cross Match Technologies, a US company specialising in biometric software, was one of the first suppliers of biometric devices certified by UIDAI for Aadhaar program.





Wikileaks tweeted:


Follow
WikiLeaks

✔@wikileaks

Have CIA spies already stolen #India's national ID card database? #aadhaar #biometric http://archive.is/R2Hdu#selection-1123.0-1123.55 …#modi

12:57 AM - Aug 25, 2017

How CIA Spies Access India's Biometric Aadhaar Database | GGI News
archived 25 Aug 2017 07:52:23 UTC

archive.is

Twitter Ads info and privacy




The Wikileaks further claims “CIA agents can access Aadhaar database in real-time.”

Another article tweeted by Wikileaks states, “UIDAI, as far as is known, did not do a background check on these companies or their business, professional and personal associations.”

19h
WikiLeaks

✔@wikileaks

Have CIA spies already stolen #India's national ID card database? #aadhaar #biometric http://archive.is/R2Hdu#selection-1123.0-1123.55 … #modi


Follow
WikiLeaks

✔@wikileaks

See also "#Aadhaar in the hand of spies" https://series.fountainink.in/aadhaar-in-the-hand-of-spies/ …

11:25 AM - Aug 25, 2017

Aadhaar in the hand of spies
BY GOVIND KRISHNAN VAadhaar, the 12-digit number linked to the fingerprints and iris patterns of most Indians, the key to unlocking government for the citizen, is a security nightmare in a world whe

series.fountainink.in

Twitter Ads info and privacy




Cross Match had hit the headlines in 2011 “when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.”
 

Project Dharma

meh
Senior Member
Joined
Oct 4, 2016
Messages
4,836
Likes
10,862
Country flag
WOH sab toh thik hai,but why a mango mans adhaar card.

??????

================================================
I don't know, honestly I haven't even read the articles in detail just skimmed over them. But I can think of so many uses, they can impersonate anybody, discover RAW agents using fake names etc.
 

airtel

Senior Member
Joined
Dec 25, 2015
Messages
3,432
Likes
7,816
Country flag
they can easily Get our Biomatic information from Mobile phones (Finger print sensors ) they have control on Internet and they can use mobile camera & microphones for spying (without our permission )........................Even Mark Zuckerberg Covers His Laptop Camera >







but what the hell USA will do With all that Information ? we are just stupid people with no critical knowledge .
 

airtel

Senior Member
Joined
Dec 25, 2015
Messages
3,432
Likes
7,816
Country flag
Last edited:

airtel

Senior Member
Joined
Dec 25, 2015
Messages
3,432
Likes
7,816
Country flag
I don't know, honestly I haven't even read the articles in detail just skimmed over them. But I can think of so many uses, they can impersonate anybody, discover RAW agents using fake names etc.
Contains your biometric info, your address and photo.

Basically, they have info on every current and future soldier, scientist and spy.

what is the use of name and address of a soldier or a scientist ? they can get information from other sources too .
Facebook , android Mobiles etc are better tools for spying .
 

Project Dharma

meh
Senior Member
Joined
Oct 4, 2016
Messages
4,836
Likes
10,862
Country flag
what is the use of name and address of a soldier or a scientist ? they can get information from other sources too .
Facebook , android Mobiles etc are better tools for spying .
I said spy not scientist. Basically now they can identify our spies if they have an aadhar card and are traveling under an assumed identity.
 

Dovah

Untermensch
Senior Member
Joined
May 23, 2011
Messages
5,614
Likes
6,793
Country flag
what is the use of name and address of a soldier or a scientist ? they can get information from other sources too .
Facebook , android Mobiles etc are better tools for spying .
Facebook and Mobile phones can be avoided, Aadhar can not.

This is the most bewildering line of thinking in which the target believes that he has nothing of value for the attacker.

Here is an example, India wants to inject a spy in the its embassy in USA under a false identity. During biometric verification for Visa applications, they match it with their Aadhar records and the spy's cover is blown. Maybe, they sell the details to ISI?

They want some corporate secrets? No problem, blackmail a low-level employee working there, you already have his address, should not be a problem. The applications are immense.
 

airtel

Senior Member
Joined
Dec 25, 2015
Messages
3,432
Likes
7,816
Country flag
Last edited:

Project Dharma

meh
Senior Member
Joined
Oct 4, 2016
Messages
4,836
Likes
10,862
Country flag

airtel

Senior Member
Joined
Dec 25, 2015
Messages
3,432
Likes
7,816
Country flag
Facebook and Mobile phones can be avoided, Aadhar can not.

This is the most bewildering line of thinking in which the target believes that he has nothing of value for the attacker.

Here is an example, India wants to inject a spy in the its embassy in USA under a false identity. During biometric verification for Visa applications, they match it with their Aadhar records and the spy's cover is blown. Maybe, they sell the details to ISI?

They want some corporate secrets? No problem, blackmail a low-level employee working there, you already have his address, should not be a problem. The applications are immense.

with Facebook and android phones they can get all your information .................Your family , relationships , Girlfriend , Likes , dislikes , religious views , Political views , GPS location of You and your family everything .
much more information than Adhar card .
 

captscooby81

Senior Member
Joined
Dec 25, 2016
Messages
7,053
Likes
26,924
Country flag
In a country where nothing less then million people put fake work experience and educational credentials in their resume .i really doubt they can track a undercover spy or even soldiers with these data yes its a lot of information to initiate a cyber warfare on the country ..But i really doubt we have any privacy the track our laptops and mobiles they already get maximum data about us with those App permissions ..Forget you have Aadhar or not they even spied on German chancellor Angela merkel even being a partner of US...So this fear mongering that this Aadhar was created by CIA to track billion indian s is something over hyped ..Why india why not China which has made lots of strides in technology ..We have 30 % of population still daily wage labourers what data these guys will use against them :laugh:...by the way last i read in paper there were Aadhar cards issued for Lord hanuman and Baby jesus too in some part of india ..Hope CIA tracks them both :megusta:

Edit : now i understand the reasons why china denied access to Google play store and Apple App store and created their own App environment ..i think indian govt should foresee the future complications which will arrive because of this Aadhar data and start creating some fool proof mechanism to avoid maximum damage ..we cannot create a 100 % immune program from the hackers or snooping
 
Last edited:

Dovah

Untermensch
Senior Member
Joined
May 23, 2011
Messages
5,614
Likes
6,793
Country flag
with Facebook and android phone they can get all your information .................Your family , relationships , Girlfriend , Likes , dislikes , religious views , Political views , GPS location of You and your family everything .
much more information than Adhar card .
Not everybody is on Facebook and not everybody owns an Android phone. A 2-year old kid has an Aadhar card.

And this is also about the ease of the attack. Why the hell will I go around fiddling with Google's and Facebook's systems when I have an unprotected data dump available for me at any time?

What you are saying is similar to saying that we should not lock our houses because banks are more profitable targets for robbers. It is a weird argument.
 

Dovah

Untermensch
Senior Member
Joined
May 23, 2011
Messages
5,614
Likes
6,793
Country flag
Also a larger issue is that Aadhar is linked with every service that you avail. Aadhar data is linked to your health records, to your education, to your bank accounts. So, when we say that CIA has your Aadhar records, it means it knows how many pills of viagra you popped last night.
 

Latest Replies

Global Defence

New threads

Articles

Top