Data breach is one of the security threats that will continue to grow in the future. Hackers are trying to make money from the data that they steal. This threat does not only hurt the businesses, but it also hurts the customers or the citizens. Following was the biggest data breach that happened last year, which was 2018.
Aadhaar data breach happened in India. It hit the Indian database that keeps identifying and biometric information of more than 1.1 billion registered Indian citizens (Whittaker, 2018). The citizens who registered with the Indian government with their fingerprints and biometric data will have the benefit of opening the banks, buying a phone SIM card, enrolling utilities, using government basic services, and receiving state aid or financial assistance.
According to ZDNet, hackers had “access to the Aadhaar database through an API, which the company relies on to check a customer's status and verify their identity” (Whittaker, 2018). The API (Application Programming Interface) was not secure and had no access controls in place, which left a security hole that allow hackers to retrieve private data on each Aadhaar holder. “The affected endpoint used a hardcoded access token, which, when decoded, translates to ‘INDAADHAARSECURESTATUS,’ allowing anyone to query Aadhaar numbers against the database without any additional authentication” (Whittaker, 2018).
Another security issue with the API was “the API didn't have any rate limiting in place, allowing an attacker to cycle through every permutation -- potentially trillions -- of Aadhaar numbers and obtain information each time a successful result is hit” (Whittaker, 2018). This security hole allowed the attacker to send thousands of requests to the database each minute and get the information. Therefore, this caused a huge number of data breaches, which impacted 1.1 billion people.
Not only hackers, but anyone with some knowledge and experience with the API can access the government’s database. “The Tribune newspaper said its reporters were able to access names, email addresses, phone numbers, and postal codes by typing in 12-digit unique identification numbers of people in the government's database, after paying an individual about $8. For another $5, the newspaper said, the individual offered reporters software to print out unique identification cards, called Aadhaar cards, that can be used to access various government services including fuel subsidies and free school meals” (Doshi, 2018).
Regarding a data breach, each country and business might react and solve the problem differently. I could tell that in the US, the government, businesses, and private sectors respond to the data breach very quickly and effectively. In India, “the Indian authorities did nothing for weeks to fix the flaw” (Whittaker, 2018). Why did the Indian government and authorities respond so slowly on the Aadhaar data breach? Do you think it’s because the data breach happened to the public property, not a private sector?
When it comes to the property of public or private, I often see people use it differently. For public property, people often use it improperly, carelessly, and waste a lot. For example, I have seen people who work for government office printed thousands of pages for a project when the document was not finally done yet. A person later reprinted the document when it got fixed. Now, I am working for a small private company. My manager, the owner of the company, even suggested that I do not print any document if it can be shared through email. Not only printing but any office equipment or office supplies the company uses them wisely.
Back to the Aadhaar data breach, I think this security breach happened because the properties belong to the public. People often don’t pay special attention to public property. The way people handle and maintain public properties are often with less attention. Aadhaar data breach was one of the clear examples. “ZDNet spent more than a month trying to contact the Indian authorities -- including the Indian government's National Informatics Centre. Nobody responded to our repeated emails” (Whittaker, 2018).
Here I have a couple of questions that I would like to ask the readers. Do you have friends or relatives who are currently working for the City or State office in the US? Do you think they have a lot of work to do? Do you think they spend their time wisely at work? Do you think they use public property correctly?
Reference:
Doshi, V. (2018, Jan 4). A security breach in India has left a billion people at risk of identity theft. Retrieved from https://www.washingtonpost.com/news/worldviews/wp/2018/01/04/a-security-breach-in-india-has-left-a-billion-people-at-risk-of-identity-theft/?noredirect=on&utm_term=.8209a3b1185d
Whittaker, Z. (2018, Mar 23). A new data leak hits Aadhaar, India's national ID database. Retrieved from https://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/
No comments:
Post a Comment