Hacktivist group AnonOpsIndia hacks BSNL website, days after hacking nation's PAN database
In what appears to be a protest against the Indian government’s stand on net neutrality and the way it is handling Digital India, hacker group AnonOpsIndia hacked BSNL Telecommunications' website on Friday. Hours after the breach, the website is still affected.
AnonOpsIndia, which seems inspired by the major hacktivist group Anonymous, describes itself with a similar reverence and asks to be referred to as "Anonymous India". This is the third major hack the group has managed to pull off, after hacking the nation's PAN database and a coal-sector website last week.
PAN, for those unfamiliar, is a code that acts as identification of Indians, especially those who pay Income Tax. The group, however, noted in a blog post last week that it didn't tamper with the data.
Coming to the most recent attack, the hacker group has managed to inject several documents on to BSNL’s server. In the documents AnonOpsIndia published on the site lists its demands to the Central Government. The group notes that it has replicated the entire BSNL database which has sensitive information of over 30 million users.
Payment details too. Bank details, account numbers too somewhere. Can't remember where. It's a huge mess of data! https://t.co/knSrVfi1pb
— AnonOpsIndia (@opindia_revenge) July 4, 2015
“When the government stops listening to the people, it's time to wake them up. There will be no #DigitalIndia until and unless government of India stops their surveillance projects & make their systems secure”, the group writes.
Addressing the admins of BSNL website, AnonOpsIndia had this to say, “patch up your site. You have stored Passwords in plain text. Shame! Is this your #DigitalIndia? We also have access to all BSNL databases now. No data on the server was tampered though. But we have taken a copy of all your databases. Patch up before the Chinese get their hands on this. It's a goldmine”.
The group is miffed at TRAI (Telecom Regulatory Authority of India) for making millions of email IDs of the participants in its recent consultation public without hiding their contact info. It notes that TRAI's move helped spammers glean contact info of so many people. For those who don't remember, TRAI released a consultation paper three months ago in which it was seeking people's views on whether India should have licensing of internet services. When the deadline was reached, TRAI published users' views without hiding their personal information.
Among other things, the group also claims that Mukesh Ambani’s Reliance is sending unencrypted data to China through its Jio Chat app. It ends its list by requesting Ravi Shankar Prasad, Minister for Communications and IT "to stop moving towards a licensing regime".
I spoke with the hacker group, and they explained to me why they hacked government websites. "[We don't] call it attacks. It's more like we are showing the true face of Digital India. Data is not at all secure. We did 3 hacks in 7 days. Major ones including PAN database & BSNL 30 million records", the group tells me. When asked if anyone from the government had reached out to them, Anonymous India answered with a negative.
The group is not happy with the way the government is moving forward with Digital India, an initiative of Government of India to integrate the government departments and the people of India. "Our motive is simple. The government, instead of spending taxpayers money on surveillance projects like CMS to snoop on taxpayers, should spend that money on hiring security experts who would keep data secure", the group told me.
We have contacted BSNL asking for a statement.