‘Vigilante hacker’ flags security concerns in Aadhaar, govt websites again

NEW DELHI, MAR 14: The anonymous hacker who claims to be a French security researcher and goes by the name of Elliot Alderson on micro-blogging site Twitter once again sought on Tuesday to expose the vulnerability of Indian government websites. Alderson (a name perhaps inspired by the main protagonist of the American television series Mr. Robot, a cybersecurity engineer and vigilante hacker who goes by the same name) posted screenshots on Twitter, along with a URL on the Andhra Pradesh government’s website, showing how biometric data and Aadhaar card scans of people were openly available.
The URL seems to have been blocked after the hacker’s tweet. This is not the first time Alderson has pointed out chinks in the security of Indian websites, both government and otherwise. Over the past few months, many vulnerabilities pointed out by the anonymous vigilante hacker have, in fact, reportedly been fixed after being exposed.
To recap, Alderson is the same person who had flagged that digital payments company Paytm was asking its Android users for ‘root access’ to their phones, which would have effectively given the company complete access to a user’s device. While Paytm has now stopped asking for the access, it maintains that the earlier request was on the back of requirements laid down by payments umbrella body NPCI (National Payments Corporation of India), which mandates checking if a device is rooted.
However, the vigilante seems to have been especially focused on exposing security flaws and vulnerabilities related to Aadhaar, the 12-digit unique identification number based on biometric and demographic data.
All this while, though, UIDAI (Unique Identification Authority of India), the body which controls and issues the biometrics-based identities, has maintained that the system is “safe and secure”. Interestingly, Alderson has pointed out that he’s not necessarily against Aadhaar.
I want to say something. I’m not against #Aadhaar. Not I’m in favour of #Aadhaar. I just think that a project of this size deserves maximum security
I herewith tender my apology for canvassing for Modi four years back now
Given the vigilante’s focus and interest in India and the Indian system, it’s highly probable that the “French researcher” identity is just a diversionary tactic, which is commonplace among the hacker community.
In the winter of 2016, a similar vigilante group that called itself Legion had social media in a tizzy with high profile e-mail and Twitter hacks of prominent industrialists, politicians and journalists.

About the Author: editor
