Aadhaar Data Breach Largest in the World, Says WEF’s Global Risk Report and Avast
During 2018, the secret and sensitive data of literally hundreds of millions of people has been torn open and exposed, then aggregated on various dark web lists for sale. Malicious cyber-attacks and lax cyber-security protocols again led to massive breaches of personal information in 2018, the largest being Aadhaar from India, say two reports.
The World Economic Forum's (WEF's) Global Risks Report 2019, says, "The largest (data breach) was in India, where the government ID database, Aadhaar, reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens. It was reported in January 2018 that criminals were selling access to the database at a rate of Rs500 for 10 minutes, while in March a leak at a state-owned utility company allowed anyone to download names and ID numbers."
WEF's Global Risks Perception Survey (GPRS) finds around two-thirds of respondents expect the risks associated with fake news and identity theft to increase in 2019, while three-fifths said the same about loss of privacy to companies and governments. But more about it later.
"While some data breaches are deliberate attacks, others are simply neglected databases that security auditors find lying around the web like unguarded, unlocked safes," the blog says.
According to Avast, between August 2017 and January 2018, Aadhaar numbers, names, email and physical addresses, phone numbers, and photos of almost 1.1 billion Indians were found susceptible to data breach.
Investigations by The Tribune reveal that the racket may have started around six months ago, when some anonymous groups were created on WhatsApp. These groups targeted over 300,000 village-level enterprise (VLE) operators hired by the ministry of electronics and information technology (ME&IT) under the common service centres scheme (CSCS) across India, offering them access to UIDAI data.
Interestingly, last year, digital security firm Gemalto had also mentioned 1.2 billion data breaches in Aadhaar database in its Breach Level Index report. However, later, it retracted its own study on Aadhaar data breaches and tendered an unconditional apology through a half-page advertisement in a leading newspaper.
In such scenario, we wonder if WEF and Avast are also made to retract from their reports.
Coming back to the WEF's GPRS report, there were further massive data breaches in 2018, new hardware weaknesses were revealed, and research pointed to the potential uses of artificial intelligence to engineer more potent cyberattacks.
Last year also provided further evidence that cyber-attacks pose risks to critical infrastructure, prompting countries to strengthen their screening of cross-border partnerships on national security grounds.
In the GRPS, 'massive data fraud and theft' was ranked the number four global risk by likelihood over a 10-year horizon, with 'cyber-attacks' at number five. This sustains a pattern recorded last year, with cyber-risks consolidating their position alongside environmental risks in the high impact, high-likelihood quadrant of the Global Risks Landscape.
A large majority of respondents expected increased risks in 2019 of cyber-attacks leading to theft of money and data (82%) and disruption of operations (80%). The survey reflects how new instabilities are being caused by the deepening integration of digital technologies into every aspect of life.
Cyber vulnerabilities can come from unexpected directions, as shown in 2018 by the Meltdown and Spectre threats, which involved weaknesses in computer hardware rather than software. They potentially affected every Intel processor produced in the past 10 years.
Last year also saw continuing evidence that cyber-attacks pose risks to critical infrastructure. In July, the US government stated that hackers had gained access to the control rooms of US utility companies.
The potential vulnerability of critical technological infrastructure has increasingly become a national security concern. The second most frequently cited risk interconnection in this year’s GPRS was the pairing of cyber-attacks with critical information infrastructure breakdown.
Talking about increasing use of biometrics, the report says, we are moving into a world in which everything about us is captured, stored and subjected to artificial intelligence (AI) algorithms.
It says, "If humans are increasingly replaced by machines in crucial decision loops, the result may lead not only to greater efficiency but also to greater societal rigidity. Global politics will be affected as authoritarianism is easier in a world of total visibility and traceability, while democracy may turn out to be more difficult—many societies are already struggling to balance threats to privacy, trust and autonomy against promises of increased security, efficiency and novelty. Geopolitically, the future may hinge in part on how societies with different values treat new reservoirs of data."
"Strong systems of accountability for governments and companies using these technologies could help to mitigate the risks to individuals from biometric surveillance. This will be possible in some domestic contexts, but developing wider global norms with any traction will be a struggle," the WEF report says.