
Biggest Indian Telecom Hacked

Who is BSNL?

The telecommunications company Bharat Sanchar Nigam Limited (BSNL) is one of the large networking service providers under the Government of India. BSNL serves its customers with various telecom services, namely landline, CDMA mobile, GSM mobile, Internet and broadband, through its wide network all over India.

A quick view of the fraud in a sequence:

A French security researcher, Baptiste Robert, who tweets under the pseudonym ‘Elliot Alderson’, shared on his Twitter handle how he gained access to BSNL’s intranet system through SQL injection.

This gave him access to the entire database of BSNL employees. The data contains employees' names, designations, passwords, mobile numbers, dates of birth, dates of retirement, email addresses etc. He also asserts that the BSNL websites intranetuk.bsnl.co.in and intranethr.bsnl.co.in have been attacked by ransomware. This attack went unnoticed by BSNL until he reported it.

Two years ago, Sai Krishna Kothapalli, a computer science engineer from IIT Guwahati, had discovered this issue and written to BSNL. He also talked to their senior officials, but there was no response from their side. Elliot Alderson also tweeted this information.

“I discussed with @BSNL Corporate and a member of their IT team. They (BSNL) have acknowledged the issues and fixed them (after my report),” the researcher said.

This French security researcher has been alerting various government bodies about several security flaws in their networks for a long time. Last week, he exposed security flaws in the private network of Bengaluru City Police. He also claimed that he had identified leaks from the Telangana government's MNREGA website, including contacts and personal details.

How the attack was initiated:

Elliot Alderson gained access to the BSNL intranet by embedding malicious code through SQL injection.

SQL injection (SQLi) is a code injection technique in which an attacker can execute harmful SQL statements that control a web application’s database server. SQL injection can affect any website or web application that uses a SQL database.

How it works: For a SQL injection attack to work, the website must include user input within a SQL statement. An example of a SQL injection payload is as simple as setting the password. This would result in the SQL query and once this query executes, the attacker will log in with the first account from the query result.
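The login case described above, as an added example that is not code from BSNL or from the original post: the same login check written with string concatenation and with a parameterized query, run against an in-memory SQLite table. The table, the account names, the function names and the always-true password input are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote closes the string literal and OR '1'='1' is always true.
TAUTOLOGY = "' OR '1'='1"

def make_db():
    """Build an in-memory table of constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plaintext passwords only keep the demo short; real systems store salted hashes.
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "alice-pw")])
    return db

def login_vulnerable(db, username, password):
    """Vulnerable form: user input is pasted into the SQL text itself."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

def demo():
    """Return what each login function yields for the same constructed inputs."""
    db = make_db()
    return {
        "vulnerable, valid login": login_vulnerable(db, "alice", "alice-pw"),
        "vulnerable, tautology": login_vulnerable(db, "nobody", TAUTOLOGY),
        "parameterized, valid login": login_parameterized(db, "alice", "alice-pw"),
        "parameterized, tautology": login_parameterized(db, "nobody", TAUTOLOGY),
    }

if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case}: logged in as {user!r}")
```

In the concatenated version the WHERE clause becomes true for every row, so the first account in the table is returned; the parameterized version compares the whole input against the stored password and returns no row.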

 

IMPACT:

  1. The attacker got access to the BSNL database containing the personal details of more than 47,000 employees, including their names, designations, addresses, passwords etc.
  2. Other government bodies were alerted after this cyber-attack and started tightening their cyber security.

Who should be concerned about cyber attacks?

  1. For Senior Management: Senior management must take cyber-attacks seriously in order to secure their company's confidential data. Hackers always target the data which might harm your company.

  2. For Developers: Web developers must be aware of cyber attacks and SQL injection, as they develop the whole website and its web applications. Developers should take a proper course in cyber security to protect their organizations from being attacked by hackers. To learn more about cyber security, Kratikal Academy is the best training institute, providing various cyber security courses both online and offline.

  3. For Students: With a shortage of cyber security experts all over the world, every organization is looking for the best cyber security experts who can protect it from various cyber-attacks. This is the right time for students to pursue a career in cyber security. Kratikal Academy provides the best cyber security courses to students who have a keen interest in this field and helps them become experts in it. Ethical hacking training helps not only students but also corporate employees who are looking for a career in vulnerability assessment and penetration testing jobs.

14 thoughts on “Biggest Indian Telecom Hacked”

  1. I have been investigating this topic for about two weeks at this point and this is actually the 1st blog that actually makes sense. Why is it so difficult to find good data on the topic of protection these days? Definitely understand the effort you spent putting your ideas into words so amateurs such as me personally will be able to take a step. Will there be a part 2 with your posting? Thank you again!

  2. These days of austerity plus relative anxiety about having debt, some people balk about the idea of having a credit card to make purchase of merchandise as well as pay for any occasion, preferring, instead only to rely on a tried as well as trusted way of making settlement – hard cash. However, if you have the cash on hand to make the purchase fully, then, paradoxically, that is the best time to use the credit card for several causes.

  3. Great post. I was checking continuously this blog and I’m impressed! Extremely useful information particularly the remaining part 🙂 I care for such info a lot. I was seeking this certain information for a very lengthy time. Thank you and good luck.

  4. Hiya, I am really glad I’ve found this information. Today bloggers publish only about gossips and web and this is really annoying. A good site with interesting content, that is what I need. Thank you for keeping this web site, I’ll be visiting it. Do you do newsletters? Can’t find it.

  5. I’ve been exploring this theme for about 3 weeks at this point and this is really the very first post that absolutely seems sensible. How come it’s really hard to find quality tips regarding protection today? Surely appreciate the effort you invested placing your ideas into words so amateurs like me personally may take action. Will there be a part two for your article? Many thanks!

  6. I was just searching for this info for a while. After 6 hours of continuous Googling, at last I got it in your website. I wonder what’s the lack of Google strategy that doesn’t rank this kind of informative web sites in top of the list. Generally the top web sites are full of garbage.

  7. This design is stellar! You obviously know how to keep a reader entertained. Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Wonderful job. I really loved what you had to say, and more than that, how you presented it. Too cool!
