[Hacker shows cops how he got Aadhaar data

Rajiv Kalkod | TNN | Updated: Aug 6, 2017, 04:51 AM IST

HIGHLIGHTS
The hacker said the absence of Hypertext Transfer Protocol Secure from the
URL helped him hack into the e-hospital website
He said he did not have any criminal intention
He said he developed the app giving out e-KYC details, thinking it would
help the common man access Aadhaar information

Representative imageRepresentative image

BENGALURU: Abhinav Srivastava, prime accused in the Aadhaar data theft
case, stunned investigators on Saturday with a six-hour demonstration
explaining the shortcuts he used to hack into websites.]

http://timesofindia.indiatimes.com/city/bengaluru/hacker-shows-cops-how-he-got-aadhaar-data/articleshow/59936606.cms

Hacker shows cops how he got Aadhaar data

Rajiv Kalkod | TNN | Updated: Aug 6, 2017, 04:51 AM IST

HIGHLIGHTS
The hacker said the absence of Hypertext Transfer Protocol Secure from the
URL helped him hack into the e-hospital website
He said he did not have any criminal intention
He said he developed the app giving out e-KYC details, thinking it would
help the common man access Aadhaar information

Representative imageRepresentative image

BENGALURU: Abhinav Srivastava, prime accused in the Aadhaar data theft
case, stunned investigators on Saturday with a six-hour demonstration
explaining the shortcuts he used to hack into websites.

He disclosed the modus operandi he used to hack into the government website
to access Aadhaar data. The cyber crime sleuths recorded the entire process
on a video camera. "He said the absence of Hypertext Transfer Protocol
Secure (HTTPS) from the URL helped him hack into the e-hospital website.
HTTPS is the secure version of HTTP (Hypertext Transfer Protocol)," a
source said, adding, "All communications between the browser and the
website were not encrypted. HTTPS is often used to protect highly
confidential online transactions like banking and shopping order forms."

Top Comment
HTTPS is basic security and how come NIC could a website could be hosted
without mandatory HTTPS for eKYC agent... someone should be held
responsible at NIC/ eHospital/ UIDAI authorities rather than this hacker
natrajv

An MSc graduate from IIT-Kharagpur, Srivastava was recently arrested for
allegedly hacking into e-hospital server hosted by the National Informatics
Centre (NIC), a KYC user agency (KUA) which has tied up with the Unique
Identification Authority of India (UIDAI) for Aadhaar authentication
services. He allegedly hosted the Aadhaar e-KYC app on Google Playstore.
Anyone clicking on it could gain access to Aadhaar data available on the
server. The hacker, however, reiterated that he had no criminal intention.

"I developed the app giving out e-KYC details, thinking it would help the
common man access Aadhaar information. I had no other intention," police
said quoting the accused. Senior officials told Srivastava hacking into the
server itself was a criminal act. "He's trying to convince us that he is
not a hardcore criminal but that can only be decided after the
investigation is over," a Central Crime Branch (CCB) sleuth said. Laptops,
hard disks have been sent to FSL. CCB police sent the four laptops and one
hard disk they seized from Srivastava's residence to the forensic science
laboratory. "We need to carefully examine the gadgets as they contain all
the information of his activities," a CCB cop said.

-- 
Peace Is Doable

-- 
You received this message because you are subscribed to the Google Groups 
"Green Youth Movement" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to greenyouth+unsubscr...@googlegroups.com.
To post to this group, send an email to greenyouth@googlegroups.com.
Visit this group at https://groups.google.com/group/greenyouth.
For more options, visit https://groups.google.com/d/optout.

Reply via email to