Hold My Beer While I Crack UIDAI Security


It was a squally Saturday evening in Manhattan, winds touching 40mph and seeping through the cracks of my rent subsidized midtown apartment (it’s the details, not just the location). I had just invited a friend over for a drink and we planned on binge watching Altered Carbon and finishing a party pack of Doritos (not healthy, I know). We started discussing our doomsday scenarios of a post apocalyptic earth where the state monitors your every move and spoke at length about the Chinese “Credit Score” for appropriate behaviour and its parallels with the credit score in the USA, which unfairly docks points for minorities and people in less than glamorous neighborhoods.



The conversation veered towards the AADHAR and UIDAI in India and the resistance it is facing from certain sections while being hailed as the next sliced bread by certain sections of the media. I identify as a centrist and don’t necessarily agree with the leftist ideology and prima facie agree with the concept of a unique tax identification number (which the PAN card serves at the moment) but I’m wary of giving my biometric information to anyone. I have Face ID disabled on my iPhone and try not to give out any information to the corporations (no Facebook, a locked down Instagram) but I object to a state mandated biometric identification document, but that’s just me.

My friend Alexa (not the smart speaker) insisted that Aadhar was a secure enclave and my fears are unfounded and I’m just paranoid about everything.
I half-joked that I can easily find Aadhar information of multiple users in 10 minutes or so. She took up my challenge and asked me to do it, and if I win, she will take me out to lunch sometime and pay for it. Sounds good, I haven’t been to Ivan Ramen in a while and would love to have their steamed buns. So I cranked up my good old Ubuntu machine and let the magic work.

Methodology

I had only 10 minutes, so I had to stick to basic exploits. I decided that state portals (India has 29 states and they also store Aadhar information on their servers) would be an easier target.

I started alphabetically and I hit gold at Andhra Pradesh. Took me a grand total of 5 minutes. Their website administrator had left the website’s (which I have not published here for obvious reasons) Port 80 open and unauthenticated at that. This is as easy as stealing candy from a baby (although some babies can pee at you when you try that) and I found roughly 8000 Aadhar cards with name, DOB, address and other personally identifiable information which can be used by nefarious elements to get fake SIM cards, make fake bank accounts and credit cards.

Andhra Pradesh Dump

Since the bet was won, I was happy and smirked like Dwight Schrute does here


Pleased with myself momentarily, I tried to penetrate a few more states (I know it sounds dirty but isn’t) and I was able to find Aadhar, PAN Card and even Passports uploaded on an unsecure server by Maharashtra and UP governments.

Maharashtra

UP dump

The primary concern with this attack is that you don’t need to be a “hacker” or even know anything about cybersecurity. Just a little YouTube tutorial of 8 minutes will give you the knowledge and the tools to enter the unsecured databases on various state websites (with gov.in domains) and get access to thousands of people’s private identification documents. I was a bit drunk with all the Nomad whisky I was drinking (it is nice, born in Scotland, raised in Spain, so it has bad teeth and smells bad) and went on a Twitter rant about how the security system (the absence of) was easily bypassed within minutes.

It was followed by a few profane tweets about telling the government to get their shit together and in hindsight, I shouldn’t have said it. I blame Nomad Whisky for it though.

So the tweet went viral and was picked up by a few news outlets and I’m in touch with them.

If someone can point me to the relevant authorities, so I can give out the portal URLs and they can then patch the gaping holes in their security, I’m more than happy to help them at no cost.

I’d like to reiterate I have no political affiliations and I did all this for a free lunch at Ivan Ramen and to impress a girl.