Indian Cyber Warefare Capability : Discussions and Infosec news

DownWithCCP

Senior Member
Joined
Jul 22, 2020
Messages
1,510
Likes
6,128
Country flag
Dark Basin isn't Indian intelligence. It belongs to a company in Noida, and Dark Basin is likely a HaaS used by Indian intelligence in rare cases. Dropping Elephant and Viceroy Tiger are state-run APTs; Dark Basin and (quite likely) SideWinder are independent operators hired at times by the GoI. Their targets are diverse, ranging to companies like Exxon and other climate-change orgs which have nothing to do with India. India isn't powerful at all in the cyber-warfare world. Our talent pool is massive, and cyber doesn't require a lot of funding; however, there is a lack of political (read: bureaucratic) will to ensure that we have a capability to conduct cyber warfare. Was excited by the establishment of the DCA, just been waiting for 4 years now...
The company might as well be a decoy (iirc the company was doing some penetration testing and security audits). The reason I said this was that I read some IR team's reports on an alleged DarkBasin attack, and it had some features characteristic of a SideWinder attack. It can very well be assumed that even though they do not work for the government, they can be hired like mercenaries to get the job done; Chinese MSS-related groups often do that.
 

DownWithCCP

Senior Member
Joined
Jul 22, 2020
Messages
1,510
Likes
6,128
Country flag
Dark Basin isn't Indian intelligence. It belongs to a company in Noida, and Dark Basin is likely a HaaS used by Indian intelligence in rare cases. Dropping Elephant and Viceroy Tiger are state-run APTs; Dark Basin and (quite likely) SideWinder are independent operators hired at times by the GoI. Their targets are diverse, ranging to companies like Exxon and other climate-change orgs which have nothing to do with India. India isn't powerful at all in the cyber-warfare world. Our talent pool is massive, and cyber doesn't require a lot of funding; however, there is a lack of political (read: bureaucratic) will to ensure that we have a capability to conduct cyber warfare. Was excited by the establishment of the DCA, just been waiting for 4 years now...
The problem with our agencies is that the methods they use are quite crude. For instance, when SideWinder attacked Pakistani military officials, the malware they used was open source with modifications. Against countries like Pakistan it can get the job done, but if we are to become a power to be reckoned with, then we need a lot of 0-day exploits in our bag of tricks, just like the NSA has.
 

Cheran

Senior Member
Joined
Sep 8, 2019
Messages
3,235
Likes
22,420
Country flag

As per a detailed report published by global threat intelligence SaaS provider Cyble, the alleged data breach happened on October 14, 2020. Cyble detected the breach on October 30 during its routine Dark Web Monitoring. The data was available for $40,000. Cyble validated the data, and on November 1, they informed BigBasket about the breach. The company urged them not to disclose the breach. Cyble advised them to let the customers know as they have the right to know about the breach.

20,000,000+ clients were affected, and information such as emails, names, hashed passwords, birthdates and phone numbers was leaked.
 

scatterStorm

Senior Member
Joined
May 28, 2016
Messages
1,899
Likes
4,035
Country flag

As per a detailed report published by global threat intelligence SaaS provider Cyble, the alleged data breach happened on October 14, 2020. Cyble detected the breach on October 30 during its routine Dark Web Monitoring. The data was available for $40,000. Cyble validated the data, and on November 1, they informed BigBasket about the breach. The company urged them not to disclose the breach. Cyble advised them to let the customers know as they have the right to know about the breach.

20,000,000+ clients were affected, and information such as emails, names, hashed passwords, birthdates and phone numbers was leaked.
As a DevOps engineer myself, it's already known that many SaaS-based firms' data has already been breached. In fact, when Aadhaar was first introduced, its API endpoints were not "rate limited", and all I had to do was code a Python bot that could request the API endpoint and get the JSON data. One of my friends working in Flipkart told me they were running some servers day and night to fetch the user data.

Whoever has the most recent data can push their product onto upcoming generations to come.

Unfortunately, most Indian users' Aadhaar data is already out. It could be you, me and even everybody on the forum.
 

DownWithCCP

Senior Member
Joined
Jul 22, 2020
Messages
1,510
Likes
6,128
Country flag
As a DevOps engineer myself, it's already known that many SaaS-based firms' data has already been breached. In fact, when Aadhaar was first introduced, its API endpoints were not "rate limited", and all I had to do was code a Python bot that could request the API endpoint and get the JSON data. One of my friends working in Flipkart told me they were running some servers day and night to fetch the user data.

Whoever has the most recent data can push their product onto upcoming generations to come.

Unfortunately, most Indian users' Aadhaar data is already out. It could be you, me and even everybody on the forum.
Well, I read a lot of articles (on Medium) that said that when they reported these API-related vulnerabilities (the article I read mentioned some authentication service), initially there was denial, but they were fixed later on. How true is that?
 

Cheran

Senior Member
Joined
Sep 8, 2019
Messages
3,235
Likes
22,420
Country flag
Domino's India breached


Domino’s data breach explained: Leaked data now available through search portal on the dark web, over 13TB of data leaked

Though Jubilant Foodworks did not seem to have taken any step to avert data getting in the hands of scammers, the said data has the potential to cause serious privacy concerns.



Independent Security Researcher Sourajeet Majumder published a thread on Twitter explaining the breach. He said that he was able to see all the personal details on the search engine. He said, “On using the search portal made by the threat actor, I was able to find my phone number/email, all delivery addresses, delivery amount and order time & date.”

 

ajay7322

Regular Member
Joined
Dec 11, 2020
Messages
947
Likes
4,228
Country flag
We are in dire need of our own firewalls for country-wide data security, especially the cloud platforms. The government gives contracts to the lowest bidders, and then they employ freshers to build the system; even if they use AWS, they configure it poorly and leave many buckets open.

So it's high time the government stopped giving contracts to any rag-tag IT company and instead pushed for better security-oriented systems and frequent audits.
 

not so dravidian

Regular Member
Joined
Feb 3, 2021
Messages
261
Likes
1,032
Country flag
We are in dire need of our own firewalls for country-wide data security, especially the cloud platforms. The government gives contracts to the lowest bidders, and then they employ freshers to build the system; even if they use AWS, they configure it poorly and leave many buckets open.

So it's high time the government stopped giving contracts to any rag-tag IT company and instead pushed for better security-oriented systems and frequent audits.
Most of India's private companies rely on Singaporean cyber firms.
 

scatterStorm

Senior Member
Joined
May 28, 2016
Messages
1,899
Likes
4,035
Country flag
Well, I read a lot of articles (on Medium) that said that when they reported these API-related vulnerabilities (the article I read mentioned some authentication service), initially there was denial, but they were fixed later on. How true is that?
Yes, rate limiting wasn't there at first, so all you had to do was get the API key for your account and send a simple cURL request. Later this was fixed, but I think big firms had already got enough info.
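The mitigation the two posts above keep coming back to is per-client rate limiting on the lookup endpoint. The following is an added example, not code from the thread or from any of the services named in it; it assumes a hypothetical API where every request carries an API key and shows a token-bucket limiter with an injectable clock, plus a record of throttled requests that a detection pipeline could alert on (a single key hitting 429 continuously is the scraper pattern described above).

```python
"""Per-API-key token-bucket rate limiter (added example, hypothetical API)."""
import time
from typing import Dict, List, Optional, Tuple


class TokenBucket:
    """Classic token bucket: `capacity` allows a short burst, `refill_per_sec` caps the sustained rate."""

    def __init__(self, capacity: int, refill_per_sec: float, now: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.updated = now

    def try_consume(self, now: float) -> bool:
        # Refill proportionally to elapsed time, never above capacity.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(float(self.capacity), self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per API key. `clock` is injectable so the behaviour can be tested offline."""

    def __init__(self, capacity: int = 10, refill_per_sec: float = 1.0, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self.buckets: Dict[str, TokenBucket] = {}
        # (timestamp, key) of every throttled call: the feed a SIEM rule would consume.
        self.throttled_events: List[Tuple[float, str]] = []

    def check(self, api_key: str, now: Optional[float] = None) -> int:
        """Return the status a gateway would send: 401 (no key), 429 (throttled) or 200 (serve)."""
        if not api_key:
            return 401
        now = self.clock() if now is None else now
        bucket = self.buckets.get(api_key)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_per_sec, now)
            self.buckets[api_key] = bucket
        if bucket.try_consume(now):
            return 200
        self.throttled_events.append((now, api_key))
        return 429


def simulate(limiter: RateLimiter, requests) -> List[int]:
    """requests: iterable of (timestamp, api_key); returns the status code per request."""
    return [limiter.check(key, now=ts) for ts, key in requests]


def run_demo():
    """Constructed traffic: a scraper-style burst from one key, a normal client, and a keyless call."""
    limiter = RateLimiter(capacity=5, refill_per_sec=1.0)
    traffic = (
        [(0.0, "key-A")] * 7            # 7 calls in the same instant: 5 served, 2 throttled
        + [(2.0, "key-A")] * 3          # 2 seconds later only 2 tokens have refilled
        + [(0.0, "key-B"), (0.0, "")]   # independent client; request without a key
    )
    return simulate(limiter, traffic), len(limiter.throttled_events)


if __name__ == "__main__":
    statuses, throttled = run_demo()
    print(statuses, "throttled:", throttled)
```

In a real deployment the bucket table lives in a shared store (Redis or the gateway's own limiter) rather than in process memory, the limit is applied per key and per source address so that a leaked key cannot simply be spread across many clients, and the 429 stream is what you alert on, since it is the earliest visible sign of bulk scraping.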
 

scatterStorm

Senior Member
Joined
May 28, 2016
Messages
1,899
Likes
4,035
Country flag
Domino's India breached


Domino’s data breach explained: Leaked data now available through search portal on the dark web, over 13TB of data leaked

Though Jubilant Foodworks did not seem to have taken any step to avert data getting in the hands of scammers, the said data has the potential to cause serious privacy concerns.


Independent Security Researcher Sourajeet Majumder published a thread on Twitter explaining the breach. He said that he was able to see all the personal details on the search engine. He said, “On using the search portal made by the threat actor, I was able to find my phone number/email, all delivery addresses, delivery amount and order time & date.”

Really bad security policies and practices in place. A DB port was open; it could've been cross-site injection, or some employee basically created a too-easy admin username and password. That such a multi-billion-dollar firm couldn't use key vaults with ephemeral keys in place is surprising.

Free consulting: use HashiCorp Vault.
 

scatterStorm

Senior Member
Joined
May 28, 2016
Messages
1,899
Likes
4,035
Country flag
We are in dire need of our own firewalls for country-wide data security, especially the cloud platforms. The government gives contracts to the lowest bidders, and then they employ freshers to build the system; even if they use AWS, they configure it poorly and leave many buckets open.

So it's high time the government stopped giving contracts to any rag-tag IT company and instead pushed for better security-oriented systems and frequent audits.
Public buckets are a shame, to be very honest.

Matter of fact: at country level, Azure offers Gov Cloud; whoever has done some certs in cloud would know that China has its own Gov Cloud backed by Azure!
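The "buckets left open" problem from the two posts above is something an audit can catch mechanically. The following is an added example, not code from the thread or from AWS; it parses S3 bucket policy documents and Public Access Block settings (the inputs below are constructed, including the placeholder account ID 123456789012) and flags statements that grant access to the wildcard principal. The check is deliberately a simplification of AWS's own definition of "public": an Allow to `*` with no Condition is reported as public, one with a Condition is reported for review, and a bucket whose Public Access Block is incomplete is reported regardless of its policy.

```python
"""Offline S3 exposure check over bucket policy + Public Access Block (added example, constructed data)."""
import json
from typing import Any, Dict, List, Tuple

PUBLIC_ACCESS_BLOCK_KEYS = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)


def _as_list(value: Any) -> list:
    # Policy fields may be a scalar or a list; normalise to a list.
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"} (or "*" inside an AWS list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy_json: str) -> List[Tuple[str, str, List[str]]]:
    """Return (Sid, severity, actions) for every Allow statement granted to the wildcard principal."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_wildcard(stmt.get("Principal")):
            continue
        severity = "conditional-public" if "Condition" in stmt else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), severity, _as_list(stmt.get("Action", []))))
    return findings


def audit_bucket(name: str, policy_json: str, public_access_block: Dict[str, bool]) -> List[str]:
    """Human-readable findings for one bucket; empty list means nothing to report."""
    findings = []
    missing = [k for k in PUBLIC_ACCESS_BLOCK_KEYS if not public_access_block.get(k, False)]
    if missing:
        findings.append(f"{name}: Public Access Block incomplete (missing {', '.join(missing)})")
    for sid, severity, actions in public_statements(policy_json):
        findings.append(f"{name}: statement {sid} is {severity} for {', '.join(actions)}")
    return findings


def _policy(*statements: dict) -> str:
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})


ALL_BLOCKED = {k: True for k in PUBLIC_ACCESS_BLOCK_KEYS}

# Constructed inventory, as an API inventory script would have fetched it.
SAMPLE_BUCKETS = {
    "citizen-records-prod": {
        "policy": _policy({"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                           "Action": "s3:GetObject", "Resource": "arn:aws:s3:::citizen-records-prod/*"}),
        "pab": {**ALL_BLOCKED, "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    },
    "app-logs-archive": {
        "policy": _policy({"Sid": "OrgOnly", "Effect": "Allow",
                           "Principal": {"AWS": "arn:aws:iam::123456789012:role/LogReader"},
                           "Action": ["s3:GetObject", "s3:ListBucket"],
                           "Resource": "arn:aws:s3:::app-logs-archive/*"}),
        "pab": ALL_BLOCKED,
    },
    "partner-exchange": {
        "policy": _policy({"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": ["*"]},
                           "Action": "s3:GetObject", "Resource": "arn:aws:s3:::partner-exchange/*",
                           "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-placeholder"}}}),
        "pab": ALL_BLOCKED,
    },
}


def audit_all(buckets: Dict[str, dict] = SAMPLE_BUCKETS) -> Dict[str, List[str]]:
    return {name: audit_bucket(name, b["policy"], b["pab"]) for name, b in buckets.items()}


if __name__ == "__main__":
    for bucket, findings in audit_all().items():
        print(bucket, "->", findings or "ok")
```

Bucket ACLs and object-level ACLs are a separate exposure path that this policy check does not cover; in practice you run both, and the simplest durable fix is enabling all four Public Access Block settings at the account level so that a careless bucket policy cannot take effect.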
 

DownWithCCP

Senior Member
Joined
Jul 22, 2020
Messages
1,510
Likes
6,128
Country flag
Check out this report by FireEye on the Chinese state-sponsored group APT41; it provides a lot of insight:
click here
There needs to be a streamlining of the Indian intelligence apparatus and integration of the cyber aspect. NTRO, MI, DCA: each seems to be doing its own thing, some orgs are even redundant, and turf wars among these orgs make the situation worse.
 

ajay7322

Regular Member
Joined
Dec 11, 2020
Messages
947
Likes
4,228
Country flag



Government clarifies that there is no cyber breach into NIC email system

Posted On: 13 JUN 2021 7:13PM by PIB Delhi


A media story on impact of data breaches in organisations such as Air India, Big Basket and Domino’s has claimed that these breaches have exposed email accounts and passwords of NIC emails to the hackers.

In view of this it is important to clarify that firstly, there has been no cyber breach into the email system of the Government of India maintained by the National Informatics Centre (NIC). The email system is totally safe and secure.

Secondly, cyber security breach on external portals may not impact the users of Government Email Service, unless the Government users have registered on these portals using their Government Email Address and have used the same password as the one used in the Government Email Account.

NIC Email system has put in place several security measures such as two factor authentication and change of password in 90 days. Further, any change of password in NIC Email requires mobile OTP and if the mobile OTP is incorrect then change of password will not be possible. Any attempt of phishing using NIC Email can be mitigated by NIC. NIC also undertakes user awareness drives from time to time and keeps updating the users about potential risks and safety protocols.
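The press release above makes the right technical point: a breach on an external portal endangers a government mailbox only when the user registered with the official address and reused the same password. The following is an added example, not NIC's code or anything from the thread; it shows the routine a mail operator can run when a dump surfaces. It assumes a constructed internal directory storing per-user salted PBKDF2 hashes and a constructed dump of (email, leaked password) pairs, and returns which government-domain accounts need a forced reset (leaked password verifies against the stored hash) versus a warning (address appeared, password differs).

```python
"""Breach-dump triage against an internal credential store (added example, constructed data)."""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Set, Tuple

ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> Tuple[bytes, bytes]:
    """(salt, hash) with a random per-user salt, as a directory would store it."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed directory of a hypothetical government mail domain.
GOV_DOMAINS: Set[str] = {"gov.example"}
DIRECTORY: Dict[str, Tuple[bytes, bytes]] = {
    "asha.verma@gov.example": make_record("Winter2020!"),          # reused this on an external portal
    "r.iyer@gov.example": make_record("correct horse battery"),   # different password externally
}

# Constructed dump records as a threat-intel vendor might hand them over.
BREACH_DUMP = [
    ("asha.verma@gov.example", "Winter2020!"),
    ("r.iyer@gov.example", "Summer2019"),
    ("someone@retail.example", "hunter2"),          # not our domain: ignored
    ("former.staff@gov.example", "Password1"),      # our domain, no such mailbox any more
]


def triage(dump: Iterable[Tuple[str, str]], directory: Dict[str, Tuple[bytes, bytes]],
           gov_domains: Set[str]) -> Dict[str, str]:
    """Map each government-domain address in the dump to an action for the mail operator."""
    actions: Dict[str, str] = {}
    for email, leaked_password in dump:
        email = email.strip().lower()
        if email.rsplit("@", 1)[-1] not in gov_domains:
            continue
        record = directory.get(email)
        if record is None:
            actions[email] = "unknown-account"      # worth checking for stale or orphaned mailboxes
            continue
        salt, stored_hash = record
        # Constant-time comparison; the leaked value is never logged or stored.
        if hmac.compare_digest(stored_hash, hash_password(leaked_password, salt)):
            actions[email] = "reset-required"       # same password in use on the mail system
        else:
            actions[email] = "warn"                 # address exposed, password not reused
    return actions


if __name__ == "__main__":
    for account, action in triage(BREACH_DUMP, DIRECTORY, GOV_DOMAINS).items():
        print(f"{account}: {action}")
```

Two-factor authentication and OTP-gated password changes, as described in the release, limit what an attacker can do with a reused password, but the reset is still the step that removes the reused credential itself; the verification above is also what a registration-time "is this password in a known breach" check does, only run in the other direction.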
 
