cyber security

Despite UIDAI denial, leaked Aadhaar demographic data is a goldmine for criminals, say experts

The Unique Identification Authority of India, which manages the Aadhaar database, has claimed that the data cannot be misused.

Hours after a news report on January 4 exposed how the Aadhaar-related demographic data of more than one billion Indian residents had been leaked, the Unique Identification Authority of India, which manages the Aadhaar database, responded that the “mere display” of this information could not “be misused without biometrics”.

Aadhaar is a massive project by the Indian government to provide every resident with a 12-digit unique identity number attached to their biometric data.

However, cyber security experts and lawyers say that the Unique Identification Authority of India’s response was an “incompetent claim”, which indicated that the body was not treating the security breach with the seriousness it warranted.

These experts said that any breach of security of Aadhaar-related demographic data not only violates an individual’s right to privacy, which was upheld by the Supreme Court last year as a fundamental right protected under Article 21 of the Constitution, but also subjects them to threats ranging from financial fraud to the misuse of their identity.

The news report in The Tribune newspaper that exposed the security breach said that it took a reporter only Rs 500 and 10 minutes to access the entire Aadhaar database and its trove of demographic details – such as names, addresses, postal codes, phone numbers, photographs and e-mail addresses of people enrolled in the programme. The Unique Identification Authority of India went on to file a police complaint against the reporter for impersonation, cheating and forgery, among other charges, a move that the Editors Guild of India has condemned as an attack on press freedom.

Resource for criminals

Despite the Unique Identification Authority of India claim that individual security could not been compromised by unauthorised access of the sort reported by the Tribune, Pavan Duggal, a lawyer who specialises in cyber security, disagreed. “Demographic data is largely private data and there is a tremendous amount of risk associated with the unauthorised access of such data,” he said. “It is a goldmine for criminals, in both physical and virtual spaces, who can target any individual through such private data.”

Duggal added: “The availability of demographic data eventually leads to the violation of the right to privacy. It can also act as fodder for groups indulging in financial frauds.”

Kislay Chaudhary, a cyber security expert and consultant to police departments in several states, concurred.

Chaudhary explained that criminals usually initiate financial fraud via a tactic known as social engineering in which they attempt to manipulate people on the phone or online to reveal confidential information such as passwords or bank details. One of the forms social engineering takes is phishing, a process in which criminals phone their targets pretending to be credible persons like bank officials and get them to reveal confidential information. Another form of phishing is when criminals send their targets emails or text messages disguised to look like they are from a reliable source, but which include links to malicious websites designed to give the criminal access to the victim’s electronic devices and the security-related data they contain.

“If demographic information of such a massive scale has been exposed, imagine the sample size of data that such criminals can [now] use to evaluate the behaviour of their targets as part of the social engineering process,” said Chaudhary.

High accuracy, high crime

Vineet Kumar, president of Cyber Peace Foundation, an advisory group involved in the set up of a cyber security system in the Union Ministry of Women and Child Development, said that access to any kind of demographic data made life easier for criminals

“Demographic data acquired from the Aadhaar database will be significantly high in accuracy compared to the limited data which phishing rackets so far had access to,” he said. “Higher accuracy means higher success rate in executing such crimes.”

Kumar said that there has been a surge in spear phishing in which potential victims are specifically picked based on the information the criminal already has about them. This is a more targeted form of fraud than voice phishing in which criminals are usually working blind, without significant information about their potential victims. “If demographic data related to Aadhaar lands in the wrong hands, it can be a rich resource for spear phishing,” he said.

Past trends

In the past few years, there have been several instances of phishing in which unsuspecting people have lost their money after criminals have phoned them on the pretext of updating their Aadhaar details. Often, people have fallen for these cons because the callers had inquired about details that seemed totally unrelated to monetary transactions.

“Here, we are talking about individuals who are not well aware in terms of digital literacy,” Kumar said. “There will always be higher probability for a targeted individual to be deceived if someone calls on the pretext of correcting some demographic information such as permanent address or date of birth, and then initiates a financial transaction by extracting a one-time password calling it some [kind of a] verification code.”

At a meeting on cyber security held in November, Union Home Minister Rajnath Singh had raised concerns about phone fraud, a term commonly used to refer to cases of voice phishing.

National Security matter

This could also hurt national security.

Kumar elaborated: “With such detailed demographic information, one can easily forge identification documents that can be used to procure SIM cards for nefarious activities or gain access to sensitive places such as airports and government offices, thus causing a threat to national security.”

Pavan Duggal criticised the Unique Identification Authority of India for its lackadaisical attitude towards data security. “It is an incompetent claim that demographic data cannot be misused without biometrics,” he said. “It is clear that the entire Aadhaar ecosystem, which deals with both demographic and biometric information, stands poor in terms of cyber security. Any agency that deals with such private data should ensure utmost care in handling information, which will never be possible without complying with information technology rules and stepping up cyber security related to the system.”

Support our journalism by subscribing to Scroll+ here. We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Movies can make you leap beyond what is possible

Movies have the power to inspire us like nothing else.

Why do we love watching movies? The question might be elementary, but one that generates a range of responses. If you had to visualise the world of movies on a spectrum, it would reflect vivid shades of human emotions like inspiration, thrill, fantasy, adventure, love, motivation and empathy - generating a universal appeal bigger than of any other art form.

“I distinctly remember when I first watched Mission Impossible I. The scene where Tom Cruise suspends himself from a ventilator to steal a hard drive is probably the first time I saw special effects, stunts and suspense combined so brilliantly.”  

— Shristi, 30

Beyond the vibe of a movie theatre and the smell of fresh popcorn, there is a deeply personal relationship one creates with films. And with increased access to movies on television channels like &flix, Zee Entertainment’s brand-new English movie channel, we can experience the magic of movies easily, in the comforts of our home.

The channel’s tagline ‘Leap Forth’ is a nod to the exciting and inspiring role that English cinema plays in our lives. Comparable to the pizazz of the movie premieres, the channel launched its logo and tagline through a big reveal on a billboard with Spider-Man in Mumbai, activated by 10,000 tweets from English movies buffs. Their impressive line-up of movies was also shown as part of the launch, enticing fans with new releases such as Spider-Man: Homecoming, Baby Driver, Blade Runner 2049, The Dark Tower, Jumanji: Welcome to the Jungle and Life.

“Edgar Wright is my favourite writer and director. I got interested in film-making because of Hot Fuzz and Shaun of the dead. I love his unique style of storytelling, especially in his latest movie Baby Driver.”

— Siddhant, 26

Indeed, movies can inspire us to ‘leap forth’ in our lives. They give us an out-of-this-world experience by showing us fantasy worlds full of magic and wonder, while being relatable through stories of love, kindness and courage. These movies help us escape the sameness of our everyday lives; expanding our imagination and inspiring us in different ways. The movie world is a window to a universe that is full of people’s imaginations and dreams. It’s vast, vivid and populated with space creatures, superheroes, dragons, mutants and artificial intelligence – making us root for the impossible. Speaking of which, the American science fiction blockbuster, Ghost in the Shell will be premiering on the 24th of June at 1:00 P.M. and 9:00 P.M, only on &flix.

“I relate a lot to Peter Parker. I identified with his shy, dorky nature as well as his loyalty towards his friends. With great power, comes great responsibility is a killer line, one that I would remember for life. Of all the superheroes, I will always root for Spiderman”

— Apoorv, 21

There are a whole lot of movies between the ones that leave a lasting impression and ones that take us through an exhilarating two-hour-long ride. This wide range of movies is available on &flix. The channel’s extensive movie library includes over 450 great titles bringing one hit movie premiere every week. To get a taste of the exciting movies available on &flix, watch the video below:

Play

This article was produced by the Scroll marketing team on behalf of &flix and not by the Scroll editorial team.