Good Morning Dear MMS Reader, Hackers (Indian cybersecurity still..)
Just this past week, there was a curious exchange in the Rajya Sabha, India's upper house of parliament. Ravindra Kumar, a member of parliament representing the Telugu Desam Party, wanted to know whether the government's email system—operated by the National Informatics Centre—had been breached in the recent past. If so, he continued, what were the measures in place to prevent such breaches?
In response, Rajeev Chandrasekhar, minister of state for electronics and IT, flatly denied any such thing had happened.
Chandrasekhar's response is interesting because The Mumbai Multimedia Studio & other media houses have, over the past year, highlighted multiple instances where government email IDs have been compromised by hacker groups based overseas. Indeed, these are probably the breaches Kumar was referring to.
However, the subject of today's exclusive story makes Chandrasekhar's response even stranger.
We, at MMS has learnt that between 7 July—a shade over two weeks before the exchange between Chandrasekhar and Kumar—and 14 July, bad actors carried out massive attacks on the government's email infrastructure. Over 500 email accounts were allegedly used to send up to 1,000 phishing mails each. Phishing is the practice of using fraudulent or manipulated messages to steal information. What's more, it's alleged that the secretary of the Ministry of Electronics and IT, which Chandrasekhar represents, had his email and its associated cloud storage folder swept by the hackers.
Chandrasekhar also mentioned multiple features, two of which received more airtime than the others. The first was geofencing—ensuring that foreign IP addresses aren't able to access government networks. But this matters little when you realise that hackers can buy web hosting in India at will, and in the last four months alone, around 9,000 Indian web domains have been bought by individuals in China and Pakistan.
The second major feature Chandrasekhar touted was MFA, or multi-factor authentication. And this is where our story really kicks into top gear. In these latest attacks, hackers took advantage of the government's inconsistent use of MFA, the poor cybersecurity hygiene of Indian officials, and sophisticated phishing campaigns to turn MFA into a weapon of their own... #yusufbhandarkar www.multimediastudio.net
