The following report is by Naked Capitalism (excerpts):
In one fell swoop, roughly 10% of the global population appears to have had some of their most valuable personal identifiable information (PII) compromised. Yet Aadhaar continues to receive plaudits from Silicon Valley.
An anonymous hacker claims to have breached the digital ID numbers, as well as other sensitive personal data, of around 815 million Indian citizens. To put that number in perspective, it is more than 60% of the 1.3 billion Indian people enrolled in the government’s Aadhaar biometric digital identity program, and roughly 10% of the entire global population. Thanks to the breach — the largest single one in the country’s history, according to the Hindustan Times — the personal data of hundreds of millions of Indians are now up for grabs on the dark web, for as little as $80,000.
To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans and a facial photograph. Much of that data has apparently been compromised.
Media reports suggest that the source of the leak was the Covid-19 test data of the Indian Council of Medical Research (ICMR), which is linked to each individual’s Aadhaar number. The alarm was first raised by Resecurity, a Los Angeles-based cyber security company, which on Oct 15 included the following in a blogpost on its corporate website:
On October 9th, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. To put this victim group in perspective, India’s entire population is just over 1.486 billion people.
HUNTER investigators established contact with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000.
The data set offered by pwn0001 contains multiple fields related to the PII of Indian citizens, including but not limited to:
– name
– father’s Name
– phone Number
– other Number
– passport Number
– aadhar Number
– age
– gender
– address
– district
– pincode
– state…
One of the leaked samples contains 100,000 records of personal identifiable information (PII) related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a “Verify Aadhaar” feature. This feature allows people to validate the authenticity of Aadhaar credentials,” Resecurity said…
Resecurity acquired… 400,000 records and contacted multiple victims to validate the information, as well as used the “Verify Aadhaar” feature available via official government WEB-resource in India.
The contacted victims from the acquired data set confirmed the validity of their data, and stated they have never been notified about [the breach] before.
Digital Identity Theft
A leak of such highly sensitive personal identifiable information (PII) creates a significant risk of digital identity theft, warns Security Affairs:
Threat actors leverage stolen identity information to commit online banking theft, tax refund fraud, and other cyber-enabled financial crimes. Nation-state actors are also hunting for Aadhaar data with the goal of espionage and influence campaigns that leverage detailed insights on the Indian population. Resecurity observed a spike in incidents involving Aadhaar IDs and their leakage on underground cybercriminal forums by threat actors who look to harm Indian nationals and residents.
Aadhaar (Hindi for “foundation”) is a 12-digit unique identity (UID) number issued by the government after confirming a person’s biometric and demographic information. Launched in 2012 as part of an initiative to give each Indian resident with a unique identification number, it is the largest digital identity system on the planet, with 1.3 billion UIDs issued by 2021, covering a staggering 92% of India’s population.
It was ostensibly created to provide people without identification a formal government ID as well as crack down on duplicate, fake or stolen IDs used to benefit from government programs and welfare schemes. And it quickly drew interest and praise from elite quarters around the world, including Silicon Valley.
In a 2019 entry of his “Gates Notes” blog, Bill Gates lauded Aadhaar for making “India’s invisible people visible.” Three years earlier, in a lecture on Technology for Transformation, Gates had said that Aadhaar is something that had never been done before by any government, not even in a rich country. He also claimed it does not pose any privacy risks; try telling that to the 815 million people whose personal data is now up for grabs on the Dark Web!
Together with Nandan Nilekani, one of the co-founders of Indian tech giant Infosys who is widely recognised as Aadhaar’s chief architect, Gates went on to play a key role in exporting Aadhaar to other parts of the so-called Global South, much of it financed by the World Bank. The two tech billionaires also reportedly helped persuade the Modi government to embark on the disastrous path of demonetisation in order to expand cashless payment alternatives. Demonetisation is believed to have caused a 2% drop in India’s GDP growth in 2016/17 alone — the equivalent of $52 billion, according to the Sunday Guardian.
Even today, Aadhaar continues to receive plaudits from Silicon Valley, despite all of its security flaws, privacy concerns and other issues. Worldcoin, the controversial cryptocurrency project set up by OpenAI CEO Sam Altman that uses an eye-scanning “orb” to give users a unique digital identity to verify whether they are human, recently said it seeks to emulate India’s Aadhaar system in its own creation of a global identity and financial network.
Ironically, both Aadhaar and World Coin were featured in a recent report by Moody’s Investor Services as examples of how not to develop a digital identity system. As I noted at the time, it is not clear whether Moody’s criticisms were merely poorly timed, given the geopolitical backdrop, or form part of a broader campaign in the Anglosphere against India’s interests. The Modi government and Indian tech businesses are desperately keen to export the so-called “Indian Stack” — the Jan Dhan Yojana, a financial inclusion program; UPI, an instant payments system launched in 2016, just six months before the government yanked 84% of India’s cash notes out of circulation in its infamous demonetisation campaign; and Aadhaar.
Mission Creep On Steroids
Aadhaar was first introduced as a voluntary way of improving welfare service delivery. But the Modi government rapidly expanded its scope by making it mandatory for welfare programs and state benefits.
SEE: Women In India Use Digital IDs To Apply For Universal Basic Income
The mission creep didn’t end there. Aadhaar has become all but necessary to access a growing list of private sector services, including medical records, bank accounts and pension payments. According to Security Affairs, it is the security weaknesses of many of these third parties, including utility companies, independent service providers, mobile and telecommunication operators, and lending and fintech services, that are behind many of the data breeches.
Plans are also afoot to link voter registration to Aadhaar, despite the system’s glaring security flaws. Besides the vulnerability of its data storage, India’s Aadhaar system has many other downsides, as I noted in my book Scanned:
For a start, it tracks users’ movements between cities, their employment status and purchasing records. It is a de facto social credit system that serves as the key entry point for accessing services in India. While the system has helped to speed and clean up India’s bureaucracy, it has also massively increased the Indian government’s surveillance powers and excluded over 100 million people from welfare programs as well as basic services.
Read the rest of the story here.
AUTHOR COMMENTARY
I have a number of reports covering the push around the world for people to accept digital IDs, and what it really means. A digital ID is the necessary tool needed to facilitate the central bank digital currencies (CBDCs), and enforce social credit scores. You can read a couple of good examples of that here:
- United Nations Formally Launches Digital ID Governance Framework Tied To Banking, Fulfils Agenda 2030 Goals
- Must Read: Top Economist And Professor Reveals That Central Banks Want To Microchip People So They Can Administer CBDCs
- Kazakhstan Partners With UN To Introduce ‘Digital Family Card,’ Allows The Government To Monitor All Household Conditions And Retroactively Provide Social Benefits
The digital ID scam is not even out of its infancy stage and yet already it has been massively hacked in India, to the tune of hundreds of millions of people now having their most personal and intrinsic information stolen and ransomed!
But this failure of the digital ID system will continue to be a failure by design, as it has spiritual connotations; for as long as the digital ID systems blows up in everyone’s faces, it will be then used to then promote biometrics and implants, which is leading to the final solution:
[16] And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: [17] And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name. [18] Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six. Revelation 13:16-18
[7] Who goeth a warfare any time at his own charges? who planteth a vineyard, and eateth not of the fruit thereof? or who feedeth a flock, and eateth not of the milk of the flock? [8] Say I these things as a man? or saith not the law the same also? [9] For it is written in the law of Moses, Thou shalt not muzzle the mouth of the ox that treadeth out the corn. Doth God take care for oxen? [10] Or saith he it altogether for our sakes? For our sakes, no doubt, this is written: that he that ploweth should plow in hope; and that he that thresheth in hope should be partaker of his hope. (1 Corinthians 9:7-10).
The WinePress needs your support! If God has laid it on your heart to want to contribute, please prayerfully consider donating to this ministry. If you cannot gift a monetary donation, then please donate your fervent prayers to keep this ministry going! Thank you and may God bless you.
Say no to digitow
They’re so anxious to roll out the permanent m.o.t.b. system! They quickly dream up a problem, to use to raise fear and concern among the unsuspecting masses. They seize this first engineered opportunity to rush in with their preplanned solution! Hmm…where have we seen that before? It’s getting to be an old method, but it will still work very well for them.