ICMR Data Leak Due to ‘Cybersecurity Vulnerability’; Logs Under Scanner, Security Audit Suggested | Exclusive
There are indications that the attacker possibly performed administrative operations on the database after executing the process. The involvement of an insider has not been ruled out

The recent data leak, suspected to have originated from the ICMR servers, may have resulted from a cybersecurity vulnerability, specifically SQL injection, in which an attacker inserts malicious code into a web application's input fields and which can lead to unauthorised access, manipulation or retrieval of data, experts and investigators have suggested.

There are indications that the attacker possibly performed administrative operations on the database after executing the process. The involvement of an insider has not been ruled out. Investigations by the Central Bureau of Investigation (CBI) and the Delhi Police are underway.

News18 was the first to report the leak of data belonging to 81.5 crore Indians, considered to be one of the largest data breaches. The Ministry of Home Affairs (MHA) has taken action by blocking two URLs displaying sample data, seeking assistance from MeitY under the IT Act.

Sources said the two URLs that carried the sample data are now blocked.

“SQL injection is a type of cybersecurity vulnerability that happens after an attacker inserts malicious SQL code into input fields of a web application, exploiting vulnerabilities in the application’s database layer. This can lead to unauthorised access, manipulation, or retrieval of data, and in some cases, allow attackers to execute administrative operations on the database. Though this has not been completely established yet, the evidence collected so far is hinting towards this,” a senior official involved with the investigation told News18 on the condition of anonymity.
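The mechanism described above, shown from the defender's side as an added example that is not part of the original report and not code from ICMR or the investigators: the same lookup built by string concatenation and with a bound parameter. The table, column names and records are constructed for illustration, and SQLite stands in for whatever database the real application uses.

```python
import sqlite3

# Constructed sample records; table and column names are hypothetical.
ROWS = [
    ("9000000001", "Asha", "negative"),
    ("9000000002", "Ravi", "positive"),
    ("9000000003", "Meena", "negative"),
]

def make_db():
    """Create an in-memory database holding the constructed records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test_results (phone TEXT, name TEXT, result TEXT)")
    db.executemany("INSERT INTO test_results VALUES (?, ?, ?)", ROWS)
    return db

def lookup_vulnerable(db, phone):
    # The input is pasted into the SQL text, so a quote inside it
    # is parsed as SQL syntax instead of as part of the value.
    query = "SELECT name, result FROM test_results WHERE phone = '" + phone + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, phone):
    # The input is bound as a value; the statement's structure is fixed
    # before the input is seen, so it cannot alter the WHERE clause.
    query = "SELECT name, result FROM test_results WHERE phone = ?"
    return db.execute(query, (phone,)).fetchall()

def compare(phone):
    """Run both lookups on a fresh database and return both result lists."""
    db = make_db()
    try:
        return lookup_vulnerable(db, phone), lookup_parameterized(db, phone)
    finally:
        db.close()

if __name__ == "__main__":
    # One ordinary input and one constructed input containing a quote.
    for value in ("9000000002", "x' OR '1'='1"):
        vulnerable, bound = compare(value)
        print(f"{value!r}: concatenated={len(vulnerable)} rows, bound={len(bound)} rows")
```

With the concatenated query, the second input returns every record in the table; with the bound parameter, it is compared as a literal string and matches nothing.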

Around 90% of the data of the RTPCR App, which has information on 90 crore Indians, is suspected to have been leaked from the server.

The ICMR and health ministry cyber infrastructure will undergo a security audit by the Standardisation Testing and Quality Certification (STQC) as suggested by the experts.

Sources further said logs are also under the scanner, as the agencies are not ruling out the role of an insider; there is a possibility that someone leaked the data by accessing it illegally.

The Delhi Police, who had arrested four people around 10 days ago, said the accused sold the personal details of citizens on the dark web after managing to get the data leaked from ICMR.

In November, Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar had said there was evidence of a data leak, but not theft. He pointed out that several people had access to the database prepared by the government departments during the Covid-19 pandemic, pertaining to testing, vaccination and diagnosis of patients.
