Indian antivirus and endpoint vendor Seqrite claims the nation’s internet registry has suffered a data breach, but the registry’s parent organisation says while it was attacked the information obtained was trivial.
Seqrite says its researchers noticed “an advertisement on DarkNet announcing secret access to the servers and database dump of over 6000 Indian businesses – ISPs, Government and private organisations.” The researchers say they then posed as an interested buyer and the advertisers provided screen shots that indicate the data comes from the Indian Registry for Internet Names and Numbers (IRINN), India’s issuer of IP addresses.
Seqrite, also known as Quick Heal Technologies, says buyers who’d like to see the data need only hand over 15 Bitcoin. The company says the data is sufficiently detailed that the dark web vendor is “offering network takedown of affected organizations for an unspecified amount” and “claims to have the ability to tamper the IP allocation pool, which could result in a serious outage or Denial of Service.”
The company also says the information it’s seen could lead to disruption of “Internet IP allocation and affect Internet services in India.”
The National Internet Exchange of India (NIXI), which oversees IRIN, is having none of that. A statement it sent to media said “There was an attempt to penetrate the system and hacker was able to collect some basic profile information of the contact persons of some of the affiliates which was displayed by him on the darknet.” The statement adds that “existing security protocol of NIXI is robust and capable of countering such attacks. However, following this breach, security protocol has been further strengthened and review of existing infrastructure has also been initiated.”
The Register has asked Seqrite to further explain the nature of the data it has seen, and how it might facilitate either denial of service attacks or represent a threat to the internet in India. If the company responds, we will update this stor