French security researcher hacks BSNL intranet, exposes critical security flaws
French cybersecurity researcher Baptiste Robert claims to have gained access to a private database of state-run Bharat Sanchar Nigam Limited (BSNL) which contains details of more than 47,000 employees.
Baptiste Robert or Eliott Alderson (Twitter name), gained access by breaking into BSNL’s intranet system and embedding a malicious code which helped him source the database.
Here’s more on this development.
Indian engineer’s warning fell on BSNL’s deaf ears
The security issue brought to light what was earlier discovered by an Indian cybersecurity researcher Sai Krishna Kothapalli.
Sai Krishna found this security vulnerability around two years back when he contacted BSNL about the issue which Sai Krishna says “could have been the largest data dump or hack in Indian history”.
However, Sai’s requests fell on deaf ears.
From private data to Ransomware
Apart from all the private data and passwords of the employees, Alderson claimed that couple of BSNL websites – intranetuk.bsnl.co.in and intranethr.bsnl.co.in had also been attacked by ransomware and were unnoticed by BSNL, until he reported about it.
He also highlighted that BSNL website had several open directories which “allowed everybody to consult their documents” and that a “monitoring bandwidth system was accessible publicly.”
Meanwhile, how secure is your data?
Last week, Alderson alerted Bengaluru Police regarding security flaws in its VPNs and directories.
He has also identified vulnerabilities in Telangana government’s TSPost and gained access to Aadhaar details of 56 lakh NREGA scheme beneficiaries.
Last year, Alderson also exposed security flaws in mAadhaar app.