After a spate of website hacks and defacements, the second wave of OpsPatuk, the ongoing cyber attack against India, seems to be focusing on data leaks. The Free Press Journal has learned that the personal data of lakhs of Indians from at least three different sources have been hacked and leaked on the dark web since Saturday.
The cyber attack is being spearheaded by DragonForce, a pro-Palestine ‘hacktivist’ group based in Malaysia, which issued a clarion call on the internet on June 10. DragonForce appealed to Muslim hackers all over the world to unite and avenge the derogatory remarks about Prophet Mohammed by suspended BJP spokesperson Nupur Sharma.
The Free Press Journal had last Sunday (June 12) reported how DragonForce had released a threat video, warning India that it should ‘watch its back’.
Shortly after the video was released, DragonForce posted on the dark web about having hacked two websites. One of these was of a major port in India, while the other was a privately owned logistics service which provides riders to at least 24 major brands in food, grocery and medicine delivery in India.
DragonForce also dumped the port’s entire database, as well as the names and contact numbers of all the riders of the logistics service on the dark web as proof of its exploits. DragonForce had at the time hinted that a bigger data leak was on its way.
Thereafter, DragonForce once again posted on its dark web forum saying that it had hacked and obtained details of 6,162,450 Indians.
This declaration was followed by the dumping of two packets of data, one of which was 400 megabytes in size and the other 137 megabytes. Both the packets contain names, contact numbers, locations and social media information of Indian users, indicating that the data was hacked from the server of a leading social media giant.
The Free Press Journal has viewed and accessed samples of all the leaked data, which falls under the category of Personally Identifiable Information (PII).
The hacking of PII is a major concern for law enforcement agencies the world over, as it gives rise to a wide range of other cyber crimes. PII is typically sold on dark web forums, which double as underground online marketplaces, to the highest bidder. This data is then used for a variety of crimes like identity theft, sextortion, SIM card cloning, phishing and online harassment.
For example, using the leaked data, cybercriminals can create forged documents in the victims’ names using all their details, obtain loans from financial institutions in their names, or create bogus identity documents like Aadhaar cards.
“The leak of a mobile number is the worst, as it immediately makes the victims vulnerable to every kind of cybercrime in which the first contact is made via phone calls or SMS. Cybercriminals, after getting this data, contact all these victims claiming to be from the government, cellular service providers or banks. Thereafter, they convince the victim to reveal sensitive details like banking credentials or convince them to install screen sharing apps that give the criminals complete access to their cell phones,” a senior cyber crime officer said.