Has the CIA already stolen India's Aadhaar database?

[Project Dharma]

There are cryptocurrencies ( Like Litecoin , Bitcoins Etc ) Governments can not track their transactions .

Hehe, you wish.

https://www.chainalysis.com/

 

[Abhijat]

IMHO their are two separate issues , considering Aadhar and Internet Services.

First , being "Profiling", which can be done by collecting , and analysing meta-data by man/machine. So , when we search a keyword or visit some webpage , we leave a trace of "our system"(mobile/p.c/I.o.T) on net , which can be further processed to get a "general pattern" .

Second, of one's "identity" . Here Aadhar would play a major role in , "pinning down" the "general pattern" across various "system" , to an individual. So it becomes easier to trace someone over the net.

 

[Bharat Ek Khoj]

Much of it is a lie.

You cannot for instance even find the reason for the movies he marketed and the timings of release of those movies and the stated collections of those movies.

You cannot even find the videos of the people who got shot because they threw a stone. (strangely enough quite unlike the Kashmir where throwing stones for ages evokes only stone catapults). You will not find the police beating up the peaceful type of supporters (the same police that ran away during jat andolan). You will not find the police treating Baba Ram Rahim with honour deserved to honest people. BTW these videos are there on whatapp. I received them this morning and forwarded them to a few others. Why didn't the IT cells of various political parties not forward these videos to their respective supporters? How can you claim to run 18 pages of discussion and not have these videos posted?

Why do you want me there. There is nothing for me to add there.


Just now I went to that thread and they are discussing Dalit quotient of Jats and Madhuri Dixit ka thumka. Really man why do you want me there?

Yeah, I know you live in a different sphere where no matter what discussion is , your every point revolves around Modi and only Modi.

 

[Bharat Ek Khoj]

The word has it that the entire system is rigged to monitor people using it. Like honey trap. So all the three layer security stuff may be a mirage.

They system can be only rigged if the 7 or 9 key persons involved in managing be compromised.

 

[Project Dharma]

They system can be only rigged if the 7 or 9 key persons involved in managing be compromised.

It is probably not rigged but it is susceptible to man in the middle attacks at the point of the exit node. Even with https, all it takes is a rogue CA to compromise the whole system. Also, javascript. Most people who use TOR don't disable javascript and js can be used to get information that can uniquely identify you across the internet.

 

[Mangal]

They system can be only rigged if the 7 or 9 key persons involved in managing be compromised.

I am only telling you what the hacker community felt of TOR and personally I believe it to be true. But what opinion you want to have you can have.

 

[Project Dharma]

@Bharat Ek Khoj


This video at Defcon was pretty informative, had to spend some time trying to find it. None of the cases involved a hole in Tor itself.


EDIT: Evil forum software, allows spaces in usernames.

 

[Khagesh]

Yeah, I know you live in a different sphere where no matter what discussion is , your every point revolves around Modi and only Modi.

:biggrin2:

But no bro. Its not like that. Its just that I mention Demonetisation because I understand cashflows and people hear Modi. I mention imports and people hear Modi again. In the post you quoted I had merely mentioned the timing of the release of movies of Ram Rahim and the stated collections. Next logical question was to ask if the actual occupancy was ever verified to be matched with stated collections. Instead you mentioned Modi. There was no Modi in the post you quoted.

Chalta hai. I am cool with it.

 

[Bharat Ek Khoj]

:biggrin2:

But no bro. Its not like that. Its just that I mention Demonetisation because I understand cashflows and people hear Modi. I mention imports and people hear Modi again. In the post you quoted I had merely mentioned the timing of the release of movies of Ram Rahim and the stated collections. Next logical question was to ask if the actual occupancy was ever verified to be matched with stated collections. Instead you mentioned Modi. There was no Modi in the post you quoted.

Chalta hai. I am cool with it.

Its because you have stopped directly mentioning modi since a time.
But agree we are too tiny to understand whats going on.

 

[Bharat Ek Khoj]

It is probably not rigged but it is susceptible to man in the middle attacks at the point of the exit node. Even with https, all it takes is a rogue CA to compromise the whole system. Also, javascript. Most people who use TOR don't disable javascript and js can be used to get information that can uniquely identify you across the internet.

There are so many computer hosting tor, so compromising exit node still don't help, as there are 3 computers involved at a time.
Https weakness was already known to CIA for almost 2 years. So they exploited info for that time period.
I talked in my previous post that there's a special OS that blocks everything, javascript is not a problem.

 

[Abhijat]

^

Sir, any GUI can be hacked. Better go old school and install every package from trusted source on linux by yourself( and not any fancy stuff like web browser(gui)) , if not anything else it would give one peace of mind.

BTW, commercial systems are not built with security in mind , and even in military system their is all pervasive technics , likes of signal processing etc. , which are helpful in snooping .

 

[Bharat Ek Khoj]

^

Sir, any GUI can be hacked. Better go old school and install every package from trusted source on linux by yourself( and not any fancy stuff like web browser(gui)) , if not anything else it would give one peace of mind.

BTW, commercial systems are not built with security in mind , and even in military system their is all pervasive technics , likes of signal processing etc. , which are helpful in snooping .

Building linux is not easy task. So other experts have created specifically for Tor,
Tails (live CD, no installation) - https://tails.boum.org/about/index.en.html
and Whonix ( used to claim even with root access, IP cannot be revealed, i dont know today) - https://www.whonix.org

and kindly drop the word 'sir'

 

[hit&run]

I expect this forum to be pool of geniuses, especially the young ones.

Plenty of fear mongering going on.

One word that negates this fear-mongering is "Deterrence".

If CIA can access our records we can access their records back.

The rules of the game have not changed; methods may have been.

And these games are not as berserk as people think watching Hollywood movies. One can always catch up losing first round and all the players know it. Like Americans say, 'The Chicken Come Home to roost'.

If I may ask everyone if they consider that CIA never had the access to the information they wanted to access from India and Indian citizens?

When Adhar like Data base is created, it is created with a possibility built in that the information may get unauthorised access.

If CIA knows they have access to our records then even GOI knows that they have access to our record.

Bingo ! We would be as good as we were before Adhar hack for the purpose of putting our men in any spy mission. All we gotta do is change those records i.e. feed in wrong information.

People must stop living in fools paradise that their is some "Chidiya" called Privacy. There is no such thing. Just 2 days back I laughing my ass of when I saw Twitter leftists celebrating SC's ruling on Citizen's privacy.

Having said that American have the advantage, they always had even when nothing was hooked on Internet. To negate that either we have create new Internet network by spending billions but again that can be compromised.

Why spend billions on some thing that be compromised; all we need to invest in know the given system and 'Swim like fish in the water'.

Also the question must be asked if CIA will rely only on Adhar Data base or few other methods as well to confirm before committing to Espionage ?

Tagging @Rage;

 

[Spindrift]

TOR has always been considered a trap by the hacking community. But there were few good VPN service providers whose servers were located in some European country. I don't remember the name of the country but it was considered good among the group members. So basically TOR was for what we called noobs who were new and trying to learn things.

First of all everything is exploitable. It just depends on how much an of effort one is willing to put in.
TOR is fine ...
It all just boils down to operational security (OpSec). You are as secure as the OpSec practices you follow.

Someone once said: "There isn't a darknet dark enough to black out 'stupid'."

 

[Mangal]

First of all everything is exploitable. It just depends on how much an of effort one is willing to put in.
TOR is fine ...
It all just boils down to operational security (OpSec). You are as secure as the OpSec practices you follow.

Someone once said: "There isn't a darknet dark enough to black out 'stupid'."

Everyone has his own way of working. I didn't trust TOR back then. I had something which I considered better and trustworthy. But I agree that most of the times its human stupidity that makes you a victim of an attack or fall for a trap. It's true for both the person getting hacked and the hacker as well.
Off topic... in 2007 many Indian army officers had fallen victim of hack attacks from Chinese. The attacks can't even be called exactly hacking. The Chinese fooled them into downloading PDF with malware's. Simple social engineering. I was shaking my head with disappointment and disbelief that the top brass is susceptible to such simple attacks. I hope things would be better now. I remember an advisory was later issued how such attacks can be done.

 

[sorcerer]

OLD NEWS!!! 2013 report
AAdhar was already compromised the moment it was started by the Congress Govt!!!
Though a contrasting report..it shows how certain elements were already compromised from the inception.!

Relax, CIA is not snooping into Aadhaar via MongoDB
The Economic Times reports that the Unique Identification Authority of India (UIDAI) has contracted MongoDB - an American open source cross-platform document oriented database system startup, in an unspecified database management capacity.

The otherwise innocuous business deal has suddenly reached espionage status since MongoDB is partially funded by the not-for-profit venture capital firm of the CIA called In-Q-Tel (IQT

http://www.firstpost.com/business/e...nooping-into-aadhaar-via-mongodb-1268077.html

 

[sorcerer]

Seems like the media is trying on the DOUBLE TO AVOID ADHAR LIMITATION on certain deals for certain political parties and their vested interests!!!

Aaadhar Linking is ofcourse creating issues for a lot of Abduls and Alis.

 

[Akshay Fenix]

So what?

The advantages of aadhar out weigh the disadvantages by a factor of unimaginable proportions.

Open you damn minds n do your own homework rather than coming under someone elses propaganda.

If you are incapable of that sort of thinking then I recommened you show a little faith in PM Modi, he is here to fix this mess of a country and bring us back to our glorious days.

What has happened to us (Indians), we used to be leaders; guiding the world in ways unimaginable to others. People from different continents used to come visit us just to learn our ways.

Now we have turned ourselves into followers aka slaves, do things only if it is approved by Uncle Sam. Shame!!!

 

[Anikastha]

In a country where nothing less then million people put fake work experience and educational credentials in their resume .i really doubt they can track a undercover spy or even soldiers with these data yes its a lot of information to initiate a cyber warfare on the country ..But i really doubt we have any privacy the track our laptops and mobiles they already get maximum data about us with those App permissions ..Forget you have Aadhar or not they even spied on German chancellor Angela merkel even being a partner of US...So this fear mongering that this Aadhar was created by CIA to track billion indian s is something over hyped ..Why india why not China which has made lots of strides in technology ..We have 30 % of population still daily wage labourers what data these guys will use against them ...by the way last i read in paper there were Aadhar cards issued for Lord hanuman and Baby jesus too in some part of india ..Hope CIA tracks them both

Edit : now i understand the reasons why china denied access to Google play store and Apple App store and created their own App environment ..i think indian govt should foresee the future complications which will arrive because of this Aadhar data and start creating some fool proof mechanism to avoid maximum damage ..we cannot create a 100 % immune program from the hackers or snooping

yeah ...
A guy from bihar made aadhar card for his dog.
Name : dhilu kumar

Father's name : tommy kumar.
Age :4...
Rofl.

 

[Project Dharma]

There are so many computer hosting tor, so compromising exit node still don't help, as there are 3 computers involved at a time.

Eh? How does it matter how many computers are involved if any one of the chain is compromised and is able to do a man in the middle https attack?