
India Expands Aadhaar Authentication, Allowing Private Sector Access to Biometric Data

 

The Indian government has introduced significant changes to its Aadhaar authentication system, expanding its use to a wider range of industries. Previously restricted to sectors like banking, telecommunications, and public utilities, Aadhaar verification will now be available to businesses in healthcare, travel, hospitality, and e-commerce. Officials claim this change will enhance service efficiency and security, but privacy advocates have raised concerns about potential misuse of biometric data. 

On January 31, the Ministry of Electronics and Information Technology (MeitY) announced revisions to the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2025. These amendments allow both public and private organizations to integrate Aadhaar-based authentication into their operations, provided their services align with the public interest. The government states that this update is designed to improve identity verification processes and ensure smoother service delivery across various sectors.  

One major change in the updated framework is the removal of a rule that previously linked Aadhaar authentication to preventing financial fraud. This revision broadens the scope of verification, allowing more businesses to use Aadhaar data for customer identification. The Unique Identification Authority of India (UIDAI), the agency overseeing Aadhaar, will continue to manage the authentication system.

The scale of Aadhaar’s use has grown significantly. Government records indicate that Aadhaar authentication was conducted in nearly 130 billion transactions by January 2025, a sharp increase from just over 109 billion transactions the previous year. With the new regulations, companies wishing to adopt Aadhaar authentication must submit detailed applications outlining their intended use. These requests will be reviewed by the relevant government department and UIDAI before receiving approval. Despite the government’s assurance that all applications will undergo strict scrutiny, critics argue that the review process lacks clarity.

Kamesh Shekar, a policy expert at The Dialogue, a technology-focused think tank, has called for more transparency regarding the criteria used to assess these requests. He pointed out that the Supreme Court has previously raised concerns about potential misuse of Aadhaar data. These concerns stem from past legal challenges to Aadhaar’s use. In 2018, the Supreme Court struck down Section 57 of the Aadhaar Act, which had previously allowed private entities to use Aadhaar for identity verification. 

A later amendment in 2019 permitted voluntary authentication, but that provision remains contested in court. Now, with an even broader scope for Aadhaar verification, experts worry that insufficient safeguards could put citizens’ biometric data at risk. While the expansion of Aadhaar authentication is expected to simplify verification for businesses and consumers, the ongoing debate over privacy and data security underscores the need for stricter oversight. 

As Aadhaar continues to evolve, ensuring a balance between convenience and personal data protection will be crucial.

India Launches 'Report and Check Suspect' Feature to Combat Cybercrime

 

India’s National Cyber Crime Reporting Portal now features a ‘Report and Check Suspect’ tool, allowing users to verify UPI IDs, phone numbers, emails, and social media handles against a database of known cyber fraudsters.

Focusing on Digital Arrest Scams

The system targets scams where fraudsters impersonate officials to extort money under the pretense of “digital arrests.” Users can search the database at cybercrime.gov.in to identify potential threats.

Integrated Cybersecurity Measures

The tool complements other initiatives like blocking 669,000 fake SIM cards and implementing enhanced KYC protocols for digital lending. Major tech firms, including Google and Facebook, are collaborating with the Indian Cyber Crime Coordination Centre (I4C) to share threat intelligence and curb the misuse of platforms like Google Firebase and the spread of Android banking malware.

The Ministry of Home Affairs has also established a Cyber Volunteer Framework, enabling citizens to report illegal online content and promote cyber hygiene. Additionally, the Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS) expedites action against financial frauds.

These initiatives align with India’s broader efforts to secure digital transactions, including mandating multi-factor authentication for government services by 2025.

Here's How Users Can Safeguard Themselves From E-Challan Scams

 

In light of the growing prevalence of e-challan scams, the Indian Computer Emergency Response Team (CERT-In) has released some crucial advice to prevent individuals from becoming victims and suffering financial loss. 

Nearly 4400 devices have been infected with malware, resulting in approximately Rs 16 lakh worth of fraudulent transactions, according to a recent PTI report. Users are tricked into falling for these scams by Vietnamese hackers who employ Android malware. 

As part of the campaign, victims receive a fraudulent e-challan message on WhatsApp containing a fake payment link. Once a victim clicks the link, the hackers are able to access the device.

Modus operandi 

Phishing messages: You receive a text message or email claiming to be from an authentic traffic authority. The notification states that you have an unpaid traffic penalty and imposes a significant charge. 

Fake links: The message will include a link that prompts you to click to check the e-challan details or complete the payment.

Spoofed websites: Clicking the link may direct you to a fraudulent website that appears to be an actual traffic authority website. This website is designed to steal your personal information, such as credit card information, login credentials, or Aadhaar numbers. 

Prevention tips 

Visit official site: The government security agency recommends that users make e-challan payments only through official websites. It's vital to note that each state has its own e-challan website. Legitimate e-challan websites typically end with a ".gov.in" domain extension. So, before making a payment, make sure you're using the right website.

Don't click on suspicious links: As noted above, it's best to avoid clicking on random links. They may lead to harmful software that could damage your device.

Use antivirus software: Antivirus software is able to search for, identify, and prevent this kind of malware from infecting the device. Make sure the antivirus program is updated and has the latest available database. 

If you have been a victim of financial fraud, you can file a report with your local police station as well as the cybercrime portal.

China's Backdoor Data Infiltration: A Growing Concern For Indian Government

 

Indian security agencies are concerned about a potential huge data breach triggered by Chinese microchips and hardware detected in biometric attendance systems (BAS) deployed in central and state government buildings, including sensitive departments. 

During their investigations, intelligence agencies discovered that over a dozen Indian enterprises that sold these biometric attendance systems to government offices used devices with Chinese-origin parts. The firms are under the scanner for potential data leaks. 

Nearly 7,500 central and state government institutions, employing around 900,000 central and 1.7 million state employees, may have been using over 80,000 dubious biometric attendance systems. This includes key central and state government buildings, as well as military and defence offices. 

According to intelligence sources, these biometric attendance systems can be easily utilised by Chinese firms to gain access to data such as the number of officials in a specific organisation, their designations, and even their locations. 

These companies are bound by China's National Intelligence Law, 2017, to send all of their data to Chinese state intelligence agencies. The law, which went into force in June 2017, gives the Chinese government extensive power to manage and access data from companies that fall under its jurisdiction.

Given China's aggressive spying tactics, India's ministry of home affairs has established a dedicated wing of intelligence officials to monitor Chinese firms' activity in India as well as the Indian security system. Furthermore, the Indian government is working to eliminate the presence of Chinese-made equipment, particularly from the national security apparatus. 

Earlier, security officials expressed serious concerns about the potential threat of data leakage from surveillance cameras, particularly those of Chinese origin, installed at various military installations across the country.

According to a letter from the Integrated Defence Headquarters at the Ministry of Defence (MoD), one of the market leaders in surveillance cameras, which is 41% owned by the Chinese government, is operating in India through a collaboration with an Indian company. The modules for these camera systems are supplied by a Chinese company, although the items are advertised as 'Made in India', the MoD stated. 

Following the Chinese troops' incursion into Ladakh, the ministry of finance's department of expenditure issued GFR (general finance rule) 144 XI on July 23, 2020, to ensure that Chinese firms do not participate in procurements directly or through Indian/Chinese subsidiaries without first registering with the DPIIT (Department for Promotion of Industry and Internal Trade).

Hacker Claims Data Breach of India’s Blue-Collar Worker Database

 

A hacker claims to have accessed a large database linked with the Indian government's portal for blue-collar workers emigrating from the country. 

The eMigrate portal's database allegedly includes full names, contact numbers, email addresses, dates of birth, mailing addresses, and passport data of individuals who allegedly registered for the portal.

The Ministry of External Affairs launched eMigrate, which helps Indian workers in emigrating overseas. The portal also offers clearance tracking and insurance services to migrating workers. 

The database for sale on a recognised cybercrime forum looks to be genuine and it even includes the contact information for the Indian government's foreign ambassador. While it is unclear whether the data was stolen directly from the eMigrate portal or via a previous breach, the threat actors claim to have access to at least 200,000 internal and registered user accounts. 

India's Computer Emergency Response Team (CERT-In) is working with the relevant authorities to take appropriate action, while the Ministry of External Affairs is yet to respond on the matter. This is not the first time India's government portals have been accused of data leaks.

Earlier this year, an Indian state government website was found exposing sensitive documents and personal information of millions of residents. In May, scammers were found to have tricked government websites into displaying adverts that redirected users to online betting sites. 

The implications of such data breaches are difficult to estimate. However, data breaches can have serious consequences for individuals whose personal information is exposed. Personal information provided on hacker forums is frequently used by attackers to launch phishing attacks, steal identities, and compromise users' financial security.

“Personal data is its own form of digital currency on the internet and breaches cost organizations a significant amount. The breaches impacting organizations and government entities are what the public sees front and center, but the impact on the end user isn’t as visible,” stated Satnam Narang, senior staff research engineer at Tenable.

Combatting International Spoofed Calls: India's New Measures to Protect Citizens

 

In recent times, fraudsters have increasingly used international spoofed calls displaying Indian mobile numbers to commit cybercrime and financial fraud. These calls, which appear to originate within India, are actually made by criminals abroad who manipulate the calling line identity (CLI). 

Such spoofed calls have been used in various scams, including fake digital arrests, FedEx frauds, narcotics in courier schemes, and impersonation of government and police officials. To combat this growing threat, the Department of Telecommunications (DoT) and Telecom Service Providers (TSPs) in India have developed a system to identify and block incoming international spoofed calls. 

This initiative aims to prevent such calls from reaching any Indian telecom subscriber. The Ministry of Communications announced that TSPs have been directed to block these calls and are already taking steps to prevent calls with spoofed Indian landline numbers. In addition to this, the DoT has launched the Sanchar Saathi portal, a citizen-centric platform designed to enhance user safety and security amid the rising threat of fraud and international call scams. This portal includes a feature called "Chakshu," which allows individuals to report suspicious calls and messages. 

Chakshu simplifies the process of flagging fraudulent communications, providing an extra layer of protection against cybercriminals. Chakshu serves as a backend repository for citizen-initiated requests on the Sanchar Saathi platform, facilitating real-time intelligence sharing among various stakeholders. The platform also provides information on cases where telecom resources have been misused, helping to coordinate actions among stakeholders. 

Union Minister Ashwini Vaishnaw has highlighted additional measures, including creating a grievance redressal platform for reporting unintended disconnections and a mechanism for returning money frozen due to fraud. These efforts aim to address the concerns of citizens who may have been inadvertently affected by the anti-fraud measures. Since its launch in May last year, the Sanchar Saathi portal has been instrumental in enhancing the security of telecom users. It has helped track or block over 700,000 lost mobile phones and detect more than 6.7 million suspicious communication attempts. 

These efforts underscore the government's commitment to safeguarding citizens from cyber threats and ensuring the integrity of telecom services. The DoT and TSPs' proactive measures, along with the Sanchar Saathi portal, represent significant steps towards protecting Indian citizens from international spoofed calls and other forms of cybercrime. By leveraging advanced technology and fostering collaboration among stakeholders, these initiatives aim to create a safer digital environment for all.

Massive Data Breach Exposes Sensitive Information of Indian Law Enforcement Officials

 

Recently, a significant data breach compromised the personal information of thousands of law enforcement officials and police officer applicants in India. Discovered by security researcher Jeremiah Fowler, the breach exposed sensitive details such as fingerprints, facial scans, signatures, and descriptions of tattoos and scars. Alarmingly, around the same time, cybercriminals advertised the sale of similar biometric data on Telegram. 

The breach was traced to an exposed web server linked to ThoughtGreen Technologies, an IT firm with offices in India, Australia, and the United States. Fowler found nearly 500 gigabytes of data, encompassing 1.6 million documents dating from 2021 to early April. This data included personal information about various professionals, including teachers, railway workers, and law enforcement officials. Among the documents were birth certificates, diplomas, and job applications. 

Although the server has been secured, the incident highlights the risks of collecting and storing biometric data and the potential misuse if leaked. “You can change your name, you can change your bank information, but you can't change your actual biometrics,” Fowler noted. This data, if accessed by cybercriminals, poses a long-term risk, especially for individuals in sensitive law enforcement roles. Prateek Waghre, executive director of the Internet Freedom Foundation, emphasized the extensive biometric data collection in India and the heightened security risks for law enforcement personnel. 

If compromised, such data can be misused to gain unauthorized access to sensitive information. Fowler also found a Telegram channel advertising the sale of Indian police data, including specific individuals’ information, shortly after the database was secured. The structure and screenshots of the data matched what Fowler had seen. For ethical reasons, he did not purchase the data, so he could not fully verify its authenticity. In response, ThoughtGreen Technologies stated, “We take data security very seriously and have taken immediate steps to secure the exposed data.” 

They assured a thorough investigation to prevent future incidents but did not provide specific details. The company also reported the breach to Indian law enforcement but did not specify which organization was contacted. When shown a screenshot of the Telegram post, the company claimed it was “not our data.” Telegram did not respond to requests for comment. 

Shivangi Narayan, an independent researcher, stressed the need for more robust data protection laws and better data handling practices by companies. Data breaches are so frequent that they no longer shock people, as evidenced by a recent face-recognition data breach involving an Indian police force.

Globally, as governments and organizations increasingly use biometric data for identity verification and surveillance, the risk of data leaks and abuse rises. For example, a recent face recognition leak in Australia affected up to a million people and led to a blackmail charge. It also has to be noted that many countries are looking at biometric verification for identities, and all of that information has to be stored somewhere. If they decide to farm it out to a third-party company, they lose control of that data.

Indian Govt Targets Cyber Criminals: DoT To Deactivate 1.8 Million SIMs

 

According to a recent media report citing 'officials' as sources, telecom operators are planning to disconnect approximately 1.8 million mobile connections at once as part of the government's first all-India operation to combat cybercrime and online fraud. 

This development comes after a thorough investigation conducted by multiple law enforcement authorities to trace the usage of mobile networks for cybercrime and financial theft.

"During investigations, it was detected that in many instances, a single handset was used with thousands of mobile connections," an official privy to the details told the local media outlet. 

On May 9, the Department of Telecommunications (DoT) directed telcos to deactivate 28,220 mobile devices and re-verify nearly two million mobile connections that had been misused with these handsets.

Officials stated that in such cases, just 10% of the connections are verified, with the remainder being disconnected after failing re-verification. They also stated that the disconnection will take place once the telecom operators complete the re-verification in 15 days. The action comes amid a consistent increase in the number of mobile phone-related cybercrimes in the country.

The National Cybercrime Reporting Portal (NCRP) said that digital financial theft victims lost Rs 10,319 crore in 2023. The Parliamentary Standing Committee on Finance said that over 694,000 complaints were received in 2023. 

Officials stated that fraudsters generally employ SIM cards from other telecom circles and frequently change the combination of SIM and handset to avoid detection by law enforcement and carriers.

"For instance, an Odisha or Assam circle SIM could be used in Delhi NCR," a second official noted. "To avoid the radar, fraudsters make only a few outgoing calls and then change the SIM as too many outgoing calls from the same number would get detected by telco systems."

According to an earlier investigation, telcos disconnected almost two lakh SIM cards last year for alleged involvement in cybercrimes. In another case, the authorities investigated places such as Mewat in Haryana, and more than 37,000 SIM cards were disconnected. 

Coordinated Action: To combat cybercrime, the government believes that telecoms should improve their detection of SIM usage patterns, particularly for SIMs purchased outside of home circles. "As part of their roaming detection system, telcos can instantly capture when a person moves out to a different circle," added the second official.