A group of Chinese state-sponsored hackers has reportedly attempted to hack into the Indian media giant Bennett Coleman and Co Ltd (BCCL), also known as “The Times Group”; the Unique Identification Authority of India (UIDAI); and the Madhya Pradesh police department.
In a report published by the Insikt Group, a group of Chinese state-sponsored hackers, temporarily designated as TAG-28, is suspected of targeting the aforementioned entities.
The UIDAI is an Indian government agency responsible for the national identification database, commonly known as Aadhaar, which contains the private biometric information of over 1 billion Indian citizens. According to the reports, the China-linked hackers launched a whole host of cyberattacks in February against many key Indian targets, including The Times Group and the UIDAI.
These attacks on the aforementioned entities follow a clash between Indian and Chinese troops in the border region of the Galwan Valley, where the troops battled face-to-face for 4 hours in the dark at an altitude of more than 14,000 feet. The clash took place in a remote area of the Himalayan region and was reportedly fought with fists, batons, clubs wrapped with barbed wire, and rocks.
Chinese hackers and news outlets
As per the report on the suspected intrusion, investigators claim that it is nearly impossible to ascertain what exactly was taken during the intrusion into BCCL, but it has been stated that some 500 MB of data was transferred to an off-site server controlled by TAG-28 hackers.
It comes as no surprise that the Chinese hackers would want to target an entity as large as BCCL, because the Times of India is the largest English-language daily in the world and has done some extensive reporting on China’s spat with India over the last 2 years. Hacking into BCCL servers means access to various sources of articles, journalists’ notes, and unpublished articles, among many other things. The Times of India has also been publishing various articles about the RedFoxTrot and RedEcho cyberattacks.
The RedEcho cyberattacks were primarily focused on India’s critical infrastructure such as power grids, for which the government has already proposed preventive measures. The RedFoxTrot cyberattack was known to target state-owned enterprises in the defense, space, and nuclear sectors. There have also been many reports of government officials having their emails hacked even though they are supposed to be well-protected by the government’s cyber-protection mechanisms such as Kavach.
Back in 2013, there were many reports of Chinese state-sponsored hackers targeting major news outlets such as the New York Times, Washington Post, and Bloomberg News. These intrusions were part of a widespread intelligence-gathering operation after these news outlets published articles portraying China in a bad light. So, it is an understatement to say that the BCCL intrusion is not the first of its kind from Chinese threat actors.
UIDAI data holds great value
Since 2009, the Indian government has assigned a unique 12-digit identity number to all citizens for accessing government services. The “Aadhaar card” is a basic necessity for all Indian citizens in this day and age. It covers close to 90% of the Indian population, collecting not only basic information like name, date of birth, address, etc., but also photographs (that are regularly updated), phone numbers, fingerprints, and even retinal scans. All this information is collected by the UIDAI and stored away.
For a state-sponsored hacker group, gaining access to the UIDAI servers is like stumbling onto a gold mine of information. The main concern is biometrics. A lot of the information collected for the Aadhaar card is changeable, but things like fingerprints and retinal scans are forever. Accessing biometric information on UIDAI is like having the permanent credentials of 90% of India’s population. Having access to biometrics from the UIDAI means that hackers might also be able to access bank accounts, social welfare programs, and the many other services linked to the Aadhaar card of Indians.
The question that now looms is what China would do with this trove of biometric data, which it may have access to.
Many reports suggest that China has been making major strides in their Artificial Intelligence machines. They have already surpassed the US in terms of AI research and are poised to become a leader in AI-empowered businesses, such as speech and image recognition applications.
Anybody who is familiar with AI knows that, for an AI to be much more efficient in what it does, it needs to learn, and for an AI to learn, it needs a lot of information from which it can find patterns and recognise speech or even faces. Hypothetically, if China did gain access to the information available with the UIDAI, their AI ambitions would get an even bigger boost.
Another worrying aspect is state-sponsored threat actors having access to critical biometric information and other data from Aadhaar cards, which can enable them to easily identify even the top government officials in India and target them with social engineering or phishing attacks, which has already been a concern for India. In an era where the dependence on technology is greater than ever before, information security must be the top priority, especially for entities like the UIDAI that possess such critical information.
According to Bloomberg, both UIDAI and BCCL have denied any such intrusion. BCCL has dismissed the report, claiming that the intrusion was blocked by their cybersecurity defenses. UIDAI has stated that their database is encrypted and only available to users with multi-factor authentication. Even the Chinese Foreign Ministry has dismissed the report, stating that it is “entirely made up”.
Recorded Future, the parent company of the Insikt Group, is yet to issue a response to these statements.