At least 3,000 email IDs of officials belonging to government organisations such as the Indian Space Research Organisation (ISRO), Bhabha Atomic Research Centre (BARC), Ministry of Corporate Affairs, Ministry of External Affairs, Atomic Energy Regulatory Board (AERB) and Securities and Exchange Board of India (SEBI) have been compromised, with their passwords available in plain text across various leaked databases on the dark web, The Quint reported. The officials whose “gov.in” email IDs appear to have been compromised include former and current ambassadors, and serving and retired scientists from ISRO, the report said.
The majority of email IDs belonged to officials from atomic research institutions: Sai Krishna Kothapalli, founder of Hackrew, who discovered the leaked emails, said in a blog post that he found a total of 3,202 email IDs with the gov.in extension. Of these, 365 belonged to officials from the Indira Gandhi Centre for Atomic Research, 325 to officials from BARC, and 157 to officials from SEBI. He also wrote that the top two organisations whose employees' email IDs and passwords were hacked and are available on the deep web both belong to atomic research. “I am ruling out coincidence because you can’t have two organisations which deal with Atomic research on the top by sheer chance,” he added.
Potential targeted phishing campaign: He also said that some of the email IDs belonging to officials from atomic research organisations were not part of any known breach according to Have I Been Pwned. Since those credentials cannot be traced to a known bulk data breach, he suggested the officials might instead have been victims of a targeted phishing campaign.
Weak passwords: His research also revealed that more than 85% of the passwords were in plain text, and that hackers had potentially cracked some of the hashed ones using services like hashes.org, a password recovery platform. He told The Quint that he obtained the leaked email IDs through various channels such as deep web forums, IRC channels and other dark web websites. His findings also showed that the leaked passwords were weak, commonplace, and easily guessable.
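The kind of exposure triage described above (records per organisation, share of plain-text passwords, and how many of those are weak), as an added example for an incident responder handling such a dump; this is not Kothapalli's code, and the records, the denylist and the hash patterns are constructed assumptions:

```python
import re
from collections import Counter

# Constructed sample in the "email:password" shape that credential dumps use.
# Every address and secret below is invented for this example.
SAMPLE_DUMP = """\
user1@barc.gov.in:Welcome@123
user2@barc.gov.in:5f4dcc3b5aa765d61d8327deb882cf99
user3@igcar.gov.in:password
user4@igcar.gov.in:$2b$12$abcdefghijklmnopqrstuu/ABCDEFGHIJKLMNOPQRSTUVWXYZ012345678
user5@sebi.gov.in:Mumbai2019
user6@example.com:irrelevant
"""

# Tiny constructed denylist; real triage would use a large breached-password list.
WEAK_PASSWORDS = {"password", "123456", "welcome@123", "admin", "qwerty"}

# Heuristics for "this field is a hash, not a plain-text password".
HASH_PATTERNS = [
    re.compile(r"^[0-9a-f]{32}$", re.I),            # MD5-sized hex
    re.compile(r"^[0-9a-f]{40}$", re.I),            # SHA-1-sized hex
    re.compile(r"^[0-9a-f]{64}$", re.I),            # SHA-256-sized hex
    re.compile(r"^\$(2[aby]|argon2(id?|d)|6|5|1)\$"),  # bcrypt/argon2/crypt(3)
]

def looks_hashed(secret):
    return any(p.match(secret) for p in HASH_PATTERNS)

def is_weak(secret):
    # Plain-text password is weak if denylisted or shorter than 8 characters.
    return secret.lower() in WEAK_PASSWORDS or len(secret) < 8

def triage(dump_text, domain_suffix="gov.in"):
    """Summarise exposure for one domain suffix: records per organisation (the
    mail domain), how many secrets are plain text, and how many of those are weak."""
    per_org = Counter()
    plaintext = weak = total = 0
    for line in dump_text.splitlines():
        email, sep, secret = line.partition(":")
        if not sep or "@" not in email:
            continue  # skip malformed lines rather than crash mid-dump
        domain = email.rsplit("@", 1)[1].lower()
        if domain != domain_suffix and not domain.endswith("." + domain_suffix):
            continue  # only the organisation under review
        total += 1
        per_org[domain] += 1
        if not looks_hashed(secret):
            plaintext += 1
            if is_weak(secret):
                weak += 1
    return {"total": total, "per_org": dict(per_org),
            "plaintext": plaintext, "weak_plaintext": weak}
```

Run it on a real dump only under the organisation's incident process; the output tells you which departments need forced password resets first.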
This report comes months after the Nuclear Power Corporation of India Limited (NPCIL) confirmed that an internet-connected computer at the Kudankulam Nuclear Power Plant had been infected. In November 2019, The Quint had reported that the breach was caused by hackers from North Korea, who had also disguised themselves as employees of AERB and BARC and sent malicious emails to their chairmen and other senior experts.