wordpress blog stats
Connect with us

Hi, what are you looking for?

India’s National Internet Registry was hacked and data put up for sale on public Darknet forum


Cyber security solutions company Seqrite, along with its partner seQtree detected and notified the Indian government about a possible breach of India’s National Internet Registry – IRINN (Indian Registry for Internet Names and Numbers), the company informed via a blog post. Apparently, the hacker(s) had advertised “access to the servers and database dump of an unspecified Internet Registry” on a Darknet platform, which Seqrite and seQtree identified as IRINN.

IRINN “provides allocation and registration services of Internet Protocol addresses (IPv4 & IPv6) and Autonomous System numbers,” according to its official website. It is part of NIXI (National Internet Exchange of India), which “is the neutral meeting point of the ISPs in India with the primary objective being the facilitation of exchange of domestic Internet traffic between peering ISP members.”

The sequence of events as described by Seqrite:

  • Upon noticing the broadcast advertisement, seQtree and Seqrite teams started gathering background research on the actor but did not yield any concrete information.
  • But the team didn’t get any relevant data even after conducting deep research and it appeared that this actor’s persona was created recently. This is an ongoing trend that the team has noticed with recent data breaches.
  • The team then contacted the actor for further details, posing as an interested buyer. Initially the actor was not willing to disclose the name of affected Internet Registry, however, later he agreed to share a small sample of email list from the allegedly compromised database.
  • In the sample, the team noticed email address of a prominent Indian technology firm and another email address was from Indian government. Then the team asked for complete/extensive emails list.
  • Eventually, the actor agreed to share a text file containing the emails of users/organizations affected, allegedly from the compromised database(s). The text file contained a list of approx. 6000 emails.
  • It was observed some of the most important and high-profile organizations featured in the list. At this point, the team first thought the possibility of the affected organization being India’s National Internet Registry: IRINN (Indian Registry for Internet Names and Numbers) which comes under NIXI.
  • To confirm our suspicion, we probed the actor further. The actor agreed to share screenshots which confirmed our suspicion that the compromise/breach is, unfortunately true and IRINN is the affected organization.
  • The actor also hinted on the chat that if he doesn’t find any interested buyer, actor will consider posting this on Darknet forum(s)/marketplace(s).
  • If he gets an interested buyer, then attack on the system could have disrupted Internet IP allocation and in-turn the complete Internet in India.

The data put up for sale includes that of several government organisations, telecom companies, multiple financial institutions and technology companies such as Unique Identification Authority of India (UIDAI), Defence Research and Development Organisation (DRDO), Reserve Bank of India (RBI), Idea Telecom, Aircel, Bharat Sanchar Nigam Limited (BSNL), Bombay Stock Exchange (BSE), Mastercard/Visa, State Bank of India (SBI), Flipkart, Ernst & Young (E&Y), and Wipro among many others. You can check out the entire list of organisations, as well as screenshots of the data shared by the hacker(s) here.

The advertisement on the Darknet forum posted by the hacker(s) reads:

“As mentioned in the title, selling database of one of the biggest Internet Protocol controller.

In client Database you can get username, email ids, passwords, organisation name, invoices/billing documents, and few more important fields. You can also control IP range of respective organisation. You can entirely shut down that organisation.

Advertisement. Scroll to continue reading.

Selling it for 15 BTC.”

15 Bitcoins at the current exchange rate comes up to over $64,000 or Rs 41.8 lakh.

Apparently, the appropriate government agencies have been informed, and they acknowledged it and taken care of the matter. However, the same hasn’t yet been acknowledged publicly.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Do we have an enabling system for the National Data Governance Framework Policy (NDGFP) aiming to create an repository of non-personal data?


A viewpoint on why the regulation of cryptocurrencies and crypto exchnages under 2019's E-Commerce Rules puts it in a 'grey area'


India's IT Rules mandate a GAC to address user 'grievances' , but is re-instatement of content removed by a platform a power it should...


There is a need for reconceptualizing personal, non-personal data and the concept of privacy itself for regulators to effectively protect data


Existing consumer protection regulations are not sufficient to cover the extent of protection that a crypto-investor would require.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ