Political Hacks and Data Breaches

Data breaches have hit both government and private websites. You might want to check if your email id has been leaked.

Imagine a situation where millions of email id and password combinations were leaked from a major travel booking website. Not a biggy, right? Make a new account, or reset your password. Your online travel is only marginally inconvenienced. Life moves on.

Well, not quite. Since users tend to reuse their passwords across sites, a leak from one site tells a hacker a lot about your password habits and preferred email id on others. Now imagine if, in the last few years, such data has been leaked on multiple occasions.

In 2016, we are outside of the realm of imagination. User data leaks have happened for companies such as RedBus, Adobe, LinkedIn, Myspace, Yahoo, HDFC, ICICI, SBI – to name a few.

Everyone and everything from Rahul Gandhi to presidential elections and nuclear reactors have had a taste of the dangers of being in the digital age. Viruses can hijack your systems, block access to important files and demand a ransom. They can lurk within images sent in email attachments, and run a keylogger to record every word you type. Often, it’s not the virus you should be worried about, but the people creating it.

The Cult of Patriotic Hacking

The recent hacks on Rahul Gandhi, Barkha Dutt and Ravish Kumar point to politically motivated hackers, with their language suggesting a form of ultra-nationalism that has become common today. In the past, Pakistani hackers have formed crews, defacing and leaving their signatures on India’s poorly guarded government websites. India’s hackers then do the same to Pakistan’s poorly guarded government websites.

It may seem like harmless patriotism if the site being hacked is from the ‘enemy’ country. Except that hackers are not accountable across borders.

A notable example is the case of th3J35t3r, an American hacker who made his name by taking down terrorist recruitment websites and social media handles. After Edward Snowden made the NSA’s private mass surveillance public, th3J35t3r targeted the whistle-blower, launching attacks on the government websites of any country that dared support what Snowden did.

Don’t Like Being Hacked? Your Data Shouldn’t Be Out There

If this sounds like something that only happens to someone else, think again. Visit www.haveibeenpwned.com, and you might find your email address was part of a data breach.

In the last few years, leaks of user email ids from websites such as those of Adobe, RedBus, LinkedIn and Myspace have left millions of users compromised to varying degrees. The government-run railway ticket booking platform IRCTC was alleged to have been hacked as well – though IRCTC denied the incident.

India, with one of the world’s fastest growing pools of internet users, is an easy target. Companies collect vast amounts of user information – with little accountability for its protection. In 2015, the Telecom Regulatory Authority of India called for responses to a Net Neutrality Bill it had in mind. After one million people sent in their comments, the TRAI published their names, comments and email ids, in breach of privacy. The breach peeved privacy activists enough that the TRAI website was hacked the very next day – by a group taking the name ‘AnonOps India’.

On their Twitter handle, they make a case for the technology of privacy – particularly encryption – arguing that it’s governments they don’t trust with that data.

After all, what are a million users, compared to a billion? The Aadhaar system, with the aim of documenting every one of India’s 1.2 billion people, is a repository of everything there is to know about you – from your fingerprint to your name, address, and birthdate, and even your PAN number. With 1.07 billion already under the program, much of that data is already put to use by private companies, ostensibly verifying employability.

Cashless, Not Careless

In 2016, the same year that demonetization pushed hundreds of millions to embrace digital money or go hungry, 3.2 million debit card details were compromised.

If there is room to repair the security lapses within these providers, there is also room to imitate their services and trick users into entering their information into a fake website – a process known as ‘phishing’. Fake online payment gateways have emerged, replicating the password recovery processes of 26 banks in an attempt to scam hasty customers of their login details – and then their money.

Digital India’s much vaunted DigiLocker service, which lets users store their identity documents ‘safely’ on a government server, has several imitations on the Google Play Store. There’s no advisory as to which is the real one besides the ‘Government of India’ tag next to the name.

Develop a Gut Instinct, and Trust It

There’s no better alternative to cyber security than caution. Double check every link before clicking on it (Chrome extensions like the Web of Trust can let you know in advance if a link is real or not), install apps only after verifying the creator, and keep a low profile lest some hacktivist vigilante takes an interest in your Twitter feed or website.

Most important of all, if your account details were included in a breach, make sure that id and password are not reused on multiple websites.

Rahul Gandhi, Vijay Mallya, Barkha Dutt and Ravish Kumar are the latest in the list of high-profile targets of the hacking group known as ‘Legion’. Be wary, so you don’t join a list that already includes millions.

Copyright Madras Courier 2017. All rights reserved. You may share using our article tools. Please don't cut articles from madrascourier.com and redistribute by email, post to the web, mobile phone or social media.