Bug Hunter 'Elliot Alderson' Reveals Unsecure BSNL Employee Database; Fixed Now

Cybersecurity is a pressing concern for organizations worldwide with hacks getting more and more sophisticated. With data breaches and hacks such equally Uber, Yahoo and Equifax still looming large, companies simply cannot afford to take shoddy security on their servers. However, in India, the situation is so grim that you lot don't need deep technical knowledge to hack into national databases.

In a recent development, security researcher Baptiste Robert who goes by the nickname Elliot Alderson on Twitter found critical flaws in the intranet deployed by the country-run telecom operator India Sanchar Nigam Limited (BSNL).

The researcher was able to get consummate details about more than than 47,000 BSNL employees. Intriguingly, Robert uses Elliot Alderson as his Twitter handle every bit a reference ot the atomic number 82 character – a "vigilante hacker" – in TV'due south Mr Robot.

1) At that place was a SQL injection in their intranet website. It allows the assaulter to dump the all database of the BSNL intranet. It contains the information of 47K+ BSNL employees, Senior officiers' information, BNSL administrators data, retired employee details and more. pic.twitter.com/HTEwtC63wp

— Baptiste Robert (@fs0c131y) March 4, 2018

Robert said he bankrupt into BSNL'due south intranet by using a malicious lawmaking which helped him gain access to an elaborate database of not just current employees but as well those who accept left the company. The database included details similar employees' names, their designations, personal mobile numbers, dates of birth and superannuation, and fifty-fifty their intranet passwords.

The flaws were reportedly fixed by BSNL later being informed by the researcher. They also discovered BSNL's now-defunct portals "intranethr.bsnl.co.in" and "intranetuk.bsnl.co.in" had also been attacked by ransomware without the telco's awareness.

The researcher, nevertheless, credited Sai Krishna Kothapalli, an Indian security researcher, for this discovery and claimed that Kothapalli had institute these vulnerabilities in the telco's network over two years but his vox remained unheard. The Indian Information technology Act of 2000 which currently governs hacking in India allows companies to sue researchers who betoken out flaws in their private networks, which is now beingness seen as a de-incentivizing mensurate.

#India you take a problem. With just a google search query you lot can notice dozens of "Confidential", "Most Firsthand/Confidential", "Immediate/Confidential" governmental documents. These documents are coming from multiple governmental websites… film.twitter.com/k9nweHXrhZ

— Baptiste Robert (@fs0c131y) March 2, 2018

Robert has lately shown a lot of interest in flawed cybersecurity systems used by Indian institutions including individual networks used by the Police departments of Bengaluru City as well as Punjab. He also leaked a list of MNREGA beneficiaries from the website of the Telangana government, and recently chided UIDAI for the ease of hacking the mAadhaar app. As a result, Robert'southward Twitter handle has been subject to a lot of questions about the motive behind his focus on Indian services and apps. Though if you'd like to verify the security of a item service or app, he seems to be accepting tips through Twitter DMs.