India-China 2020 Border conflict

Status
Not open for further replies.

Jimih

Chinese mobile companies, part of CCP regime


 

not so dravidian

RUMINT
y'all now it makes, but still developing
@rone @hawwk

i remember someone saying UIDAI isn't connected to network. is it true???? / or insider job???

Chinese Hackers Targeted Aadhaar Database, Times Group: Report

Chinese state-sponsored hackers are believed to have infiltrated and stolen data from an Indian government agency responsible for a national identification database and one of that country's largest media conglomerates, according to a new report by cybersecurity firm Recorded Future Inc. Both the government agency and the media company dispute the claims.

The Unique Identification Authority of India, also known as the UIDAI, contains the private biometric information of more than 1 billion Indian citizens. The authority's networks were believed to have been breached during intrusions tracked between June and July this year, though it's not clear what data was taken, according to Recorded Future.

The government agency said it had no knowledge of such a breach and that its database was encrypted and only available to users with multifactor authentication. The agency had a "robust security system in place" that was constantly upgraded to maintain the "highest level of data security and integrity," an email from the agency said.

Bennett Coleman & Co., also known as the Times Group, which publishes the Times of India, also appeared to be targeted by the Chinese hackers, according to Recorded Future. Data was exfiltrated from the company between February and August, but it wasn't clear data was stolen, Recorded Future said.

The company dismissed the report, saying the "alleged exfiltration" was blocked by its cybersecurity defenses.


The chief information officer for the Times Group, Rajeev Batra, said an internal security report for the company described the intrusions as "non-serious alerts and false alarms."

China's Foreign Ministry didn't immediately respond to a request for comment during a holiday period in the country.

Recorded Future, a cybersecurity firm based near Boston, said it used a combination of detection techniques and traffic analysis data to identify patterns of suspicious network traffic between servers the government agency and media company used and servers used to administer and control the hackers' malware.

In addition to data supposedly being siphoned away, Recorded Future said it was highly likely that malicious software was embedded inside the agency's and the media companies' computer networks, which would allow the hackers to remove data on demand.

Responding to the Times Group's comments, Jonathan Condra, the lead analyst on Recorded Future's report, said he was able to observe "sustained communications across a single session that lasted five days" from the media company's networks. He said there were also "strong indications" that the communications were coming from within the Times' computer networks and going out to malicious servers, "which suggests a successful implant communicating outwards."

The hackers used a type of malware called Winnti, which Condra described as a "pretty old tool that is shared across a large number of Chinese APT groups over the years." APT stands for advanced persistent threat, a term commonly used to describe state-sponsored hacking groups.

The other tool deployed was Cobalt Strike, a piece of software typically used for network defense but that "has been adopted by threat actors, not just in China but elsewhere as a means of throwing ambiguity into attribution efforts," Mr Condra said. "If it's a commercially available tool it's a lot harder to say it's tied back to specific nations." A representative for Cobalt Strike didn't immediately respond to a request for comment.

Intrusions into Indian networks have escalated in the past year, Recorded Future said in its report. The alleged Chinese hacks follow a rapid deterioration in relations between the two countries. According to its data, Recorded Future said there was a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian entities through August of this year, compared to 2020. The suspected intrusions track back to the start of a bloody skirmish between Indian and Chinese soldiers at a border post in the Himalayas, Mr Condra said.

"This follows an increase of 120% between 2019 and 2020, demonstrating China's growing strategic interest in India over the past few years," the report said.

Recorded Future believes the UIDAI was targeted because of its database of biometric information though it's not clear if the database was breached. The value of such bulk personal identification data is its ability to potentially identify government officials, enable social engineering attacks or add to data already gathered on potential targets, Mr Condra said.

The Times Group could have been a target because of its reporting on Indian-Chinese tensions, "likely motivated by wanting access to journalists and their sources," the report said.
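
The article's point about a single outbound session lasting five days can be turned into a simple hunting query over flow logs. The sketch below is an added example, not part of the post and not Recorded Future's method. It stitches exporter chunks of the same 5-tuple into sessions and reports long internal-to-external ones. The record layout, internal ranges, thresholds and sample flows are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): record layout, internal ranges, thresholds.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
MAX_GAP = timedelta(minutes=5)     # exporter chunks closer than this are one session
MIN_DURATION = timedelta(days=1)   # report sessions at least this long

@dataclass(frozen=True)
class Flow:
    start: datetime
    end: datetime
    src: str
    sport: int
    dst: str
    dport: int

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def stitch_sessions(flows):
    """Merge exporter chunks of the same 5-tuple into continuous sessions."""
    sessions = {}
    for f in sorted(flows, key=lambda f: f.start):
        spans = sessions.setdefault((f.src, f.sport, f.dst, f.dport), [])
        if spans and f.start - spans[-1][1] <= MAX_GAP:
            spans[-1][1] = max(spans[-1][1], f.end)   # extend the open session
        else:
            spans.append([f.start, f.end])            # gap too large: new session
    return sessions

def long_lived_outbound(flows, min_duration=MIN_DURATION):
    """Return (src, dst, dport, duration) for long internal-to-external sessions."""
    hits = []
    for (src, _sport, dst, dport), spans in stitch_sessions(flows).items():
        if not is_internal(src) or is_internal(dst):
            continue                                  # only inside-to-outside traffic
        for start, end in spans:
            if end - start >= min_duration:
                hits.append((src, dst, dport, end - start))
    return sorted(hits, key=lambda h: h[3], reverse=True)

def _chunks(start, hours, src, sport, dst, dport):
    # Constructed sample data: one record per hour, as an exporter with a
    # one-hour active timeout would emit for a single long TCP session.
    return [Flow(start + timedelta(hours=h), start + timedelta(hours=h + 1),
                 src, sport, dst, dport) for h in range(hours)]

T0 = datetime(2021, 1, 1)  # arbitrary constructed timestamp
SAMPLE = (
    _chunks(T0, 120, "10.1.2.3", 49152, "203.0.113.10", 443)   # five days, outbound
    + _chunks(T0, 2, "10.1.2.4", 50000, "198.51.100.7", 443)   # short web session
    + _chunks(T0, 120, "10.1.2.5", 51000, "10.9.9.9", 5432)    # long but internal
    + [Flow(T0, T0 + timedelta(minutes=1), "10.1.2.6", 52000, "203.0.113.10", 443),
       Flow(T0 + timedelta(days=3), T0 + timedelta(days=3, minutes=1),
            "10.1.2.6", 52000, "203.0.113.10", 443)]           # same tuple, 3-day gap
)

if __name__ == "__main__":
    for src, dst, dport, dur in long_lived_outbound(SAMPLE):
        print(f"{src} -> {dst}:{dport} open for {dur}")
```

A long session alone is not proof of an implant (VPNs, backups and monitoring agents also hold connections open), so hits from a query like this are leads to triage against known-good destinations.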
 

mokoman

i think, the way it's designed, u can't take out biometric data or other card holder data.

you can only verify biometric data, name, address against an aadhaar card number.

GOI should reveal if there was hacking attempt or if there was any data loss.
 

Tactical Doge

𝕱𝖔𝖔𝖑𝖘 𝖗𝖚𝖘𝖍 𝖆𝖓𝖉 𝖆𝖓𝖌𝖊𝖑𝖘 𝖋𝖊𝖆𝖗
At least the russians did it for saving their country. poor chinese tried it in korea so that mao could be shown as big d*ck socialist
Soviets had shitty tactics during the start of the war, only reasonably complex formation was the diamond tactic, that too seldom worked against the Germans
Towards the end of the war, they had enough actual fighting experience to develop good tactics and gave the Germans a bloody nose
 

hawwk

uidai is an open network that also has an open api (https://auth.uidai.gov.in) :doh:. internal govt website uses protected api. it's either chinese directly found out the vuln in the aadhaar api or it first hacked into some govt. site and got the access of protected api (they might have poor authentication in that since they are being used by themselves)
for the first, it's their exploit finding technique. for the second, it is likely to be an ssrf attack. we are taught a lot of it, since it's the most dangerous one.

https://uidai.gov.in/images/FrontPageUpdates/aadhaar_authentication_api_2_0.pdf
this is the whole fucking whitepaper of the same by the govt. (uidai)

[Attached image: 1632311581341.png]


it's more likely that they've used the second option. api vulns aren't much. see that private address in the second flow. that's what the chinese maybe got to know.

see that last cluster, it has direct connection to cidr.
 

hawwk

@not so dravidian never have i said that uidai isn't connected to a network. how tf will it perform without a network.... i've only talked about why terrorist database shouldn't be connected to any frontend govt. websites.
 

not so dravidian

I have no idea since I'm a bio group student

By the way y'all not aware that I'm still in the process of selecting college/ technically I'm a 12th passout 😁
 

mokoman

My understanding is that all biometric data+card holder data is on top CIDR server.

you go to a bank, u give aadhaar card + name + scan ur thumb/eye

from bank ur aadhaar card + scanned biometric data + name u gave goes from server to server until it reaches CIDR, CIDR only says YES everything matches or NO.

so there is no question of biometric/photo/id data being stolen through this. this is what uidai is always saying.

i heard of issue where data is stolen at enrolment time, but don't think it has anything to do with uidai servers.
 

Suhaldev

Looks like Chinese have increased funding for naxals, another worrying development. Now, they are Asli targeting Muslim dalit solidarity in urban protests

 

HariPrasad-1

And we want US bases inside India to fight China and Pak 😁

Oh! the Yankees, so trustworthy.

What I’m talking about here is the height of 19-year-olds, not adults, we are generally 5cm taller than our parents
This has little to do with genes. Blacks in Nigeria are 166.4
Afro-American height 177
Just cancel logistic support agreement in response. I am sure that Modi will work out the response.
 