NIC Security Breached - E-Mail IP Traced to US-Based Bangalore Firm

Delhi police have stated a major security breach of the National Informatics Centre (NIC). According to the sources, more than 100 computers of the NIC, which is responsible for securing critical cyber infrastructure in the country and the Ministry of Electronics and Information Technology (MeitY), were found to be compromised. The computers broken into also stored data relating to National Security Advisor Ajit Doval, Indian citizens and senior government functionaries.

The breach comes on the back of reports about alleged snooping by a Chinese firm on Indian politicians, military leaders, entrepreneurs and journalists, among others. Soon after the bug was identified, Delhi Police’s special cell registered a case under the Information Technology (IT) Act early September and began investigation, which led them to a US company based in Bengaluru (according to the e-mail’s IP address), from where the bug was generated. According to sources the attack began with the receipt of an e-mail to NIC employees. When a link provided in that e-mail was clicked, data stored on that machine became compromised and computer systems were affected. The Delhi police also informed that these computers contain crucial information and data on India’s security, citizens and important government functionaries, including the prime minister, national security advisor, the home minister, among others.

It’s being assumed that the breach comes amid allegations a Chinese firm - Zhenhua Data Information, which is conducting covert surveillance on thousands of Indians, including the PM and others. When asked if the police suspect it to be an attempt by China to hack into these systems, the source said it was too early to comment, although it could be a possibility. “In the current scenario, it is a possibility which we will be looking into. We have a registered a case and are investigating the same,” the source said. “It definitely is a security breach and we are looking at all angles,” the source added.

Sources also stated that the government has constituted an expert committee (under the National Cyber Security Coordinator) to study these allegations. The committee is to submit a report inside 30 days. In a letter to Congress leader KC Venugopal, who had raised this issue, Foreign Minister S Jaishankar said the claims referred to the Overseas Key Information Database (OKID), which covers around 2.4 million individuals worldwide. The issue has also been raised by the Foreign Ministry with Sun Weidong, the Chinese Ambassador to India. The Chinese government has said Zhenhua is a privately-owned company with no links to Beijing. Zhenhua itself has said OKID data was collected from open sources and is no different from similar databases maintained by Western companies. They have denied accessing private information from confidential sources, Mr Jaishankar said in his letter.

A similar security breach of the NIC was witnessed in August 2014, which raised global concerns about India’s net security practices. That time, as a curious attempt, the government reinstated NIC’s authority to issue certificates but also barred it from doing so for at least six months. Also, companies like Google and Microsoft refused to accept NIC’s certificates and declared many government websites certified by them as unsafe. Many key Indian websites like the income tax authority’s website that allow transfer of sensitive data were dependent on foreign firms to certify their safety.

NIC is responsible for setting up information and communications technology (ICT) infrastructure for the government. It helps in implementation of national and state level e-governance projects, provides consultancy to government departments and is also responsible for research and development, and capacity building. NIC is a repository of information and data and plays a significant role in delivering citizen-centric e-services. The other services it offers include multi gigabit nationwide networks NICNET, NKN, National Data Centres, National Cloud, pan India VC infrastructure, Command and Control Centre, multi-layered GIS based platform, Domain Registration and Webcast.

Read More News :

One Day in Mumbai | What to do?

Karthik Narain to lead $3 billion 'Accenture Cloud First' group