No one is safe in the world of cybernetics, not even the Government organizations. Across the world, the Government organizations are a favorite target for hackers and cyber criminals. Be it for the value of the data held by the Government or the relatively lax security around the IT infrastructure of Government systems; hackers seem to be quite successful breaking into them. While most of us would expect that such attacks would be focused more on first world countries; the Government of almost every country across the globe has been a victim of a data breach. Let’s look at some of the interesting incidents.
1. Aadhar data breach (India): Indian government had launched a very ambitious social security initiative in which every individual is supposed to be uniquely identified based on his biometrics. The central authority collects the biometric (finger prints, retina scans, ) and other information of every individual and allocates an Aadhar number by which they can be authenticated while availing any social security service. One of the uses of Aadhar scheme is to credit the bank account of pensioners with their pensions directly.
In 2017, the information of 1.6 million pensioners was leaked on Jharkhand state Government’s website. The name, address, Aadhar number and bank account details of the beneficiaries of the pension scheme were revealed in the breach. In another separate incident, the information of about 35 lakh Aadhar card holders was leaked on Kerala Government’s website. This time, along with biometric and biographic details, the photographs and pension ids were also revealed.
2. Australian Government website attacks: Australian Government is also no stranger to cyber attacks. In June 2017, an Australian newspaper published a story that the details of Medicare of Australian citizens were available for purchase on the dark net since October 2016. The hacker used a vulnerability in the Government system to access the data. Nobody in the Government knew about the breach. In fact, before the breach was uncovered, some of the data was sold for a profit. In another embarrassing incident, in 2016, during a census counting, the website of Australian Bureau of Statistics was under DDoS attack. The site suffered 43-hour outage and was subsequently taken down. The Government tried to pass the buck to an IT contractor but ultimately it was held responsible. It took 30 million AUD to fix the issue.
In yet another incident in November 2014, due to a security breach at Australian immigration department, the personal details of world leaders such as David Cameron, Angela Merkel, Narendra Modi, Barack Obama and Vladimir Putin were leaked. The passport numbers, visa details and other personal information of the leaders attending G20 summit was leaked. It must have been quite an embarrassment for the Australian authorities.
3. Bangladesh bank heist: Bangladesh Bank is the central bank of the country of Bangladesh. In 2016, this Government institution was hacked and the hackers successfully stole 81 Million USD. The hackers used bank’s SWIFT credentials to transfer money into various banks across the globe before the heist was discovered. Hackers had used a combination of social engineering and viruses to obtain employee credentials and access the bank’s network to make the transfers. Fortunately, the transfer of an 800 Million+ USD was stopped after discovery of breach.
4. Thailand tourist data breach: In March 2016, personal information of expats living in southern Thailand was leaked Information such as name, address, passport details and profession of more than 2000 expats were published on a fake site that resembled the immigration police website. The site had gone viral and much publicized before it was taken down.
5. Japan pension system: In 2015, Japan’s pension system was hacked and personal data of 1.25 million people were leaked An attachment in an email sent to an employee was infected with a virus. When the employee opened the attachment, the virus spread, collected data and sent it over the Internet to the hackers. Information such as names, address, birth date, pension Ids was successfully stolen. Luckily, the hacked systems were not connected to core financial system. The scandal caused huge political ramifications for the ruling party of Japan at the time.
These are not the only cases where the Government was the target of a cyber attack. In fact, China and Russia, the two countries that are blamed for most cyber attacks against western nations have also been constant targets of cyber attack themselves. No one, not even the strongest, with vast resources, are 100% safe in the cyber world. Precaution is the only defense.