Politics Ignores Cyber Security
Stolen data is being sold on the dark web
News reports of March 5, 2024, confirmed the government’s launch of ‘DIP’ (Digital Intelligence Platform) and ‘Chakshu’ platform, to curb cybercrime and financial fraud. The DIP is for real-time intelligence sharing, information exchange and coordination among the stakeholders (also containing information of misuse of telecom resources), while Chakshu enables the public to report fraud communication received through calls, SMS or WhatsApp.
This was perhaps because in the first quarter of 2024, India suffered 2,807 cyber attacks every week on an average. The Centre recently admitted in Parliament that on May 20, 2024, the state-owned telecom company Bharat Sanchar Nigam Ltd (BSNL) suffered a possible intrusion and data breach.
Terming it “possible intrusion” was a cover up because at that time, indigenous startup ‘Athenian Tech’ had reported that hackers compromised over 278 GB sensitive information of BSNL, which could put millions of users at risk. This came to light when hackers began selling stolen data online on the dark web for $5,000 (about Rs 4.17 Lakhs).
Kanishk Gaur, CEO Athenian Tech, had at that time said that attackers began selling stolen data on the dark web in May itself, and while the price quoted was as low as $5,000, the potential impact could be in millions in terms of a cyber breach or stealing certain identifiable information.”
News reports of June 24, 2024 confirmed sensitive data from BSNL, including IMSI numbers and server details, has been compromised and that the hacker “kiberphant0m” is selling stolen data on the dark web; raising concerns about BSNL's 4G and 5G services.
The report pointed out that this happened within six months of BSNL suffering another data breach involving critical data, including international mobile subscriber identity (IMSI) numbers, SIM card information, home location register details, DP card data and even snapshots of BSNL’s SOLARIS servers.
This incident follows a similar breach in December 2023, where another hacker claimed to have accessed personal information of BSNL users. However, according to Kanishk Gaur, these two hacks are not connected because of the nature of these breaches, and the data that has been compromised, is different.
Pemmasani Chandra Sekhar, Minister of State (MoS) for communications informed Parliament recently that the Indian Computer Emergency Response Team (CERT-In) reported the possible data breach at BSNL to the government. The data breach was analyzed and found that one FTP server had data similar to the sample data shared by CERT-In.
He said no breach into (the) home location register (HLR) of (the) telecom network has been reported by (the) equipment manufacturer, hence no service outage in BSNL’s network. Sekhar also said the government has constituted an Inter-Ministerial Committee to conduct an audit of the telecom networks and suggest remedial measures.
The research work at Athenian Tech has led to the government investigation and formation of the abovementioned Inter-Ministerial Committee. However, according to the startup, with the kind of security measures we have right now, the entire Digital Infrastructure remains vulnerable to Distributed denial-of-Service (DDOS) attacks.
Also, that the BSNL is in bad shape and it exposes entire critical infrastructure to huge risk; national security is in jeopardy.
Why has the government not been able to fix cyber security of the BSNL all these decades when it is a state-owned entity? Obviously cyber security has little relevance, as is the need for a national security strategy; the focus being on votes, elections, trade and economy.
According to reports of July 18, 2024, Tata Telecom, BSNL and Elon Musk have come together to revolutionize internet services in India; having finalised the deal to utilize SpaceX Starlink satellites to offer high-speed internet access across India.
The venture is set to kick off as early as August this year and Starlink has already received the GMPCS license from TRAI GoI. This is supposed to pose a challenge to major players like Jio, Airtel, and Vodafone in the telecom sector. The recent price hikes by these private telecom companies have led many consumers to consider switching to BSNL for more affordable options.
Internet connectivity in remote areas no doubt is required but the question is did we have to tie up with a foreign company like SpaceX for this when we have been raving about ISRO, IN-SPACe and the numerous indigenous startups in the space sector?
Couldn’t we have provided internet connectivity to the remote areas using indigenous satellites? Did we even consider this, did not bother about it, or thought it could not be executed before the next general elections to influence voters?
The price of the deal with SpaceX may not be revealed, especially the considerable under the table part with Elon Musk loaded with money. But what about cyber security where we are not using indigenous satellites notwithstanding the possible excuse of putting additional security measures in place?
The yes-men are already saying what cyber security is, there is nothing like cyber security, and everything is already known to everybody. But Athenian Tech nails it by saying we are sitting ducks.
Finally, this being the state of affairs, do we think we can take on China when cyber security is a vital component of national security?
Lt General Prakash Katoch is an Indian Army veteran. Views expressed here are the writer’s own.