Tamil Nadu IT Department on Red Alert
The Tamil Nadu IT department has now been placed on red alert after it received a tip-off about a cyber-crime gang that was planning to hack the websites of some of the leading IT companies in the state. The cyber-crooks are allegedly planning to attack the websites of Tata Consultancy Services (TCS), ITC, Infosys, Wipro, SAP and their subsidiaries, according to police. The gang allegedly had access to the systems of some of these companies and targeted them with fake offers and cyber attacks. The gang is allegedly planning to hack the websites of TCS, Infosys among others and distribute fake offers to their employees. Police said that one of the gang’s members is known to the IT department.
Hacked Websites of TCS, ITC, Infosys: In this blog, we will explore the details of the cyber-attacks and threats which were successfully carried out by computer gangs from Chennai as part of an attempt to hack the websites of some of the leading IT companies like TCS, ITC, Infosys, Wipro, SAP and their subsidiaries, according to the police. This is a result of the effort of the cyber security personnel to protect the vital services of the state.
The state has been placed on red alert after it received a tip-off about a cyber attack from a hacker, who allegedly threatened to hack the websites of 10 TCS, ITC and Infosys companies. The cyber criminals have been carrying out a cyber criminal activity ‘to attack the websites of these TCS, ITC and Infosys companies’, a police official said.
It is believed that the gangs have access to the computers of several key IT companies in the state. The cyber criminals have also been successfully hacking the websites of several Indian companies, including TCS, Airtel, Vodafone etc.
The Tamil Nadu IT department had made a public statement seeking an explanation from the hackers over their alleged cyber-crime activities. In that statement the IT department has named TCS, Airtel and Infosys as the 10 largest IT companies in the state.
Lifting Aadhaar card numbers, addresses and mobile numbers belonging to over 5.2 million consumers
The PDS Data Breach is a matter of concern to all the citizens of Tamil Nadu who were affected by the cyber attack. This attack has been found to be very much targeted to a particular social group namely farmers and petty business men who are the victims of cyber attacks. The attacks have been launched over the past few months, and have been carried out using a particular type of malware known as the PDP or Post Exploitation and Distribution Module. It is called such because it is a software module that is part of the PDS or Post Data Security. This module is installed into the Aadhaar, Aadhaar Card and Mobile number databases. The attacks have been carried out by hackers with the help of a particular type of malware namely the PDS Malware. This malware is installed not on the machine which carries it, but on a particular server which is responsible for making it accessible to the hackers. The PDS malware is used by hackers to access the databases so that they can access the information which is kept inside these databases. This malware is installed on the servers which are located in countries including US. This makes the attackers to access these information. These data on the databases are accessible by hackers in any of the other countries where there have been attacks. This attack has been carried out by hackers so that they can collect and leak the information so that they can carry out frauds.
All the three databases of India – Aadhaar, Aadhaar Card and Mobile Number databases, contain the data of millions of citizens including their addresses, mobile numbers and their names. These databases are kept in public places like offices and universities, and these databases are available to anyone who is willing to give them out. One of the databases which is stored in such a public place like office is the Aadhaar database. This database is kept in different locations including banks, universities and commercial establishments, and it is exposed to the public. The cyber attacks have been launched against the Aadhaar database in which millions of citizens including farmers and petty business men are affected by cyber attacks. The government has taken various steps to save the citizens of the country from this very common cyber attack. The cyber attack has affected the Aadhaar database because it has been created by hackers.
Aadhaar database has been found to have been compromised with a number of personal details including details of the addresses of over 5.
Further Assessment of the Data Breasure by Technisanct
The Tamil Nadu government’s Data Protection and Cyber Crime Cell, the State’s first such body with cyber crime jurisdiction, has reportedly issued a press release ‘adhering’ to a cyber security professional’s plea to delete the information on the personal details of a certain person mentioned in the press release. This is a breach of the data protection norms. Even then, the court refused to let the Information Technology (IT) ministry or Government to ask the cyber security professional to produce the deleted information. This ruling has set the stage for the IT department to seek a clarification on this matter. The Cyber Startup had published an image on Facebook with names and details mentioned in the press release and the IT ministry later asked the Cyber Startup to delete the records in a public forum. The Cyber Startup posted the image on its Facebook page and stated that its name was an innocent mistake. The IT ministry subsequently sent an official letter demanding the deletion on a public forum. The Cyber Startup had said that it will continue to pursue its judicial remedy in court. The state government, however, refused to acknowledge the IT ministry’s demand, citing that it was not in power to check their action as they had no legal authority.
The IT department further stated that it is concerned that the Cyber Startup may have compromised the personal information of the person named in the press release. It has also reportedly asked the Cyber Startup to send its official response by September 9. The cyber security professional who had issued the press release has been threatened with cancellation of his career with the IT department, in case he refuses to produce the deleted records. In a news item, the IT department further stated: “The IT department cannot be a vigilante in the field of Information Technology. We do not have the capacity to conduct a proper investigation. It is also not possible to monitor the activities of various cyber security agencies. The Cyber Startup appears to be a rogue agency in this regard. But whatever actions it may take, it shall not go beyond the limits of legal processes”. Further, the IT ministry has also asked cyber security professionals to explain why the Cyber Startup posted the press release with the names and details mentioned in the press release. The Cyber Startup has asked the IT department to provide documentation to the public explaining the above issues.