​India's telecom regulator chief issues public challenge to hack into his private data

Part-comic, part-disturbing, this online spectacle is just another event underlining the India government's disdain for any meaningful dialogue on issues of data security.

An absurd, entertaining yet disturbing drama has engulfed Twitter in India involving the current head of the Telecom Authority of India (TRAI), who decided to publicly defend the much criticized Universal ID program launched by the government recently, called "Aadhaar".

First, a little background to make sense of this circus. Every Indian citizen is now required to obtain an Aadhaar number, which is then linked to other sensitive information such as biometrics, bank account details, email IDs, and other such sensitive details.

This has become extremely problematic in India because the Aadhaar number is now being stipulated as mandatory even in instances that should not have anything to do with the availing of services -- such as getting a SIM card for your cellphone.

The protest against this widespread use of Aadhaar is not just philosophical -- it is the very foundations on which an all-knowing surveillance state builds its infrastructure and monitors the movements of its citizens.

That is the first serious problem. The second one, which is even worse, is that the state has shown gross incompetence in protecting the databases on which this sensitive personal data is stored. In many instances, as reported by ZDNet over the past few months, this database has been breached by hackers and millions of individuals' details have become available for paltry sums by shady cyber middlemen.

Yet, the government has first remained silent for weeks about this breach, then denied it, and finally gone after those who have clearly demonstrated how easy it is to obtain this information as if they were the criminal elements responsible for the breach.

Then, just a few days ago, the current head of the telecom regulator in India, RS Sharma, who is a former head of the Universal ID program or Aadhaar decided that he had suffered enough by sitting on the sidelines watching the ignominy of his former baby maligned by critics for the sieve-like ability of its database to allow practically anyone to access what should be ultra-sensitive details.

Sharma posted his own Aadhaar number on his Twitter account and boldly declared: "Now I give this challenge to you: Show me one concrete example where you can do any harm to me!"

Just a few hours later, apparent French security expert who goes by the moniker Elliot Alderson (@fs0c131y) promptly publicly revealed some personal information about Sharma such as his PAN number (used primarily for filing taxes), address details, and his former and current phone number. Sharma was instantly and widely trolled. French hacker Alderson then posted: "People managed to get your personal address, dob [date of birth] and your alternate phone number. I stop here, I hope you will understand why make your #Aadhaar number public is not a good idea."

Lets ignore, for now, the fact that a public servant publicly exhorted Indian citizens to commit a crime -- in fact, making his own ID number public is evidently a crime to begin with under the Aadhaar Act passed in 2016.

When contacted by The New Indian Express, Sharma denied that any of this information was obtained by anyone using his Aadhaar number and that the database was compromised. "Let the challenge run for some time", he said. "No I did not challenge them for phone number and other info. I challenged them for causing me harm! So far no success. Wish them luck," Mr Sharma added on Twitter.

Then, it was disclosed that the token sum of 1 rupee was deposited into Sharma's bank account using a BHIM UPI app as well as Facebook and Amazon cloud services accounts opened on his behalf.

All of this may be fun and games but it is simply more proof of the disinterest that the current Indian government has in securing the data security of its citizens.

PREVIOUS AND RELATED COVERAGE

India desperately needs a delayed data privacy law

Opinion: The law is imminent, but critics fear the committee responsible for its architecture may be too partial to the flawed and unconstitutional universal ID program, called Aadhaar, which has made sharing private information by and large mandatory.

Singapore suffers 'most serious' data breach, affecting 1.5m healthcare patients including PM

Government describes attack as "deliberate, targeted, well-planned" and assures no medical data has been tempered with, but security vendors warn compromised data may end up for sale on the Dark Web.

Canberra still in denial over My Health Record concerns

The government is attempting to hose down concerns about the privacy of Australia's centralised digital health records, but their own messaging continues to prove they still don't get it.

This remote, small town is the epicentre of cybercrime in India

Unemployed youth in Jamtara in the state of Jharkhand have hoodwinked millions of Indians across the length and breadth of the country.

India's digital Universal ID program is deeply flawed, say critics

Using electricity-reliant technology in the hinterland is just one big problem amongst many say observers. But the government doesn't seem to care.

Is the Indian government developing a tool for mass surveillance of its citizens?

If the tender is successful, it could be a disaster for the privacy of Indian citizens.

Starting at $40, hackers can attack your business with services bought on the dark web (TechRepublic)

Cybercrime across the dark web is not a new concept, but the low prices for doing so are. Here are the most popular attack vectors.