Indian antivirus and endpoint vendor Seqrite claims the nation's internet registry has suffered a data breach, but the registry's parent organisation says while it was attacked the information obtained was trivial.
Seqrite says its researchers noticed “an advertisement on DarkNet announcing secret access to the servers and database dump of over 6000 Indian businesses – ISPs, Government and private organisations.” The researchers say they then posed as an interested buyer, and the advertisers provided screenshots indicating that the data comes from the Indian Registry for Internet Names and Numbers (IRINN), the body that allocates IP addresses and AS numbers in India.
Seqrite, the enterprise security brand of Quick Heal Technologies, says buyers who'd like to see the data need only hand over 15 Bitcoin. The company says the data is sufficiently detailed that the dark web vendor is “offering network takedown of affected organizations for an unspecified amount” and “claims to have the ability to tamper the IP allocation pool, which could result in a serious outage or Denial of Service.”
The company also says the information it's seen could lead to disruption of “Internet IP allocation and affect Internet services in India.”
The National Internet Exchange of India (NIXI), which oversees IRINN, is having none of that. A statement it sent to media said “There was an attempt to penetrate the system and the hacker was able to collect some basic profile information of the contact persons of some of the affiliates which was displayed by him on the darknet.” The statement adds that “existing security protocol of NIXI is robust and capable of countering such attacks. However, following this breach, security protocol has been further strengthened and review of existing infrastructure has also been initiated.”
The Register has asked Seqrite to explain in more detail the nature of the data it has seen, and how that data could facilitate denial of service attacks or otherwise threaten internet services in India. If the company responds, we will update this story. ®
UPDATE Seqrite's been in touch and sent us the following:
"The actor shared a few screenshots and email addresses of affected parties after lots of persuasion, so in terms of information from the actor, that was all that was provided to us during our discussion. The actor mentioned during communication that if he can change or transfer IP/Network allocation, there will be network disruption at the side of the affected entity which will result in Denial of Service. To prove this he shared a screenshot where this change request was possible; we have provided that screenshot in our blog. No further information was shared by the hacker.
Hence our mention of the possibility of Denial of Service was based purely on the ability to allocate, deallocate or transfer an ASN/IP block."