India: NIXI’s data breach hardly happened
IN times where the tech news seems to consist of an endless series of disturbing data breaches, it’s comforting to sometimes discover that smoke does not always denote a fire.
The National Internet Exchange of India (NIXI) has released a statement that reassures Indian enterprises and concerned government bodies their data remains safe and that the widely-disseminated reports of a massive data breach that occurred over the last few days were not founded on fact.
NIXI is a national governmental non-profit which acts as a routing service for domestic Internet traffic. It was founded in 2003 with the express aim of distributing domestic Internet traffic between peering member ISPs, rather than having to use routing servers abroad.
As well as attempting to generally improve Internet connectivity across the country, the body also runs the Indian Registry for Internet Names and Numbers (IRNN); the controller of the top level “.in” address space, among other activities.
NIXI’s statement said:
“It has come to our knowledge that a business organization dealing with enterprise security solution[s] has sent information to various news agencies that it has found that an advertisement […] on [the] DarkNet announcing secret access to data bases [sic] of over 6,000 business and ISPs, government and private organization[s] and the said actor is attempting to sell [the] database of IRINN.
“The claim by the actor of Dark Net is audacious and far from [the] truth.”
The organization the statement refers to is Seqrite, the enterprise arm of IT security firm Quick Heal.
Seqrite had issued a blog post saying it discovered an advertisement on the so-called ‘dark web’ that claimed that party or parties unknown had access to information about more than 6,000 Indian businesses, ISPs, governmental organizations, and banks, among others.
Seqrite flags IRINN breach affecting over 6K Indian entities https://t.co/XiauFuvAcZ
— TOI Business (@TOIBusiness) October 3, 2017
The advertisement claimed that unidentified hackers had gained this information after a successful breach on NIXI’s IRINN.
Among the affected parties, it was claimed, were the Defence Research and Development Organisation, the State Bank of India and the Bombay Stock Exchange.
NIXI’s statement went on to say that:
“[…] there has been no serious security breach of [the] IRINN system, as it has a robust security protocol in place. The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated internet resources through IRINN System.
“There was an attempt to penetrate the system and hacker was able to collect some basic profile information of the contact persons of some of the affiliates which was displayed by him on the DarkNet.”
While NIXI’s statement has allayed fears to a certain extent, the situation reiterates the need for enterprises of all sizes and colors to maintain strict data hygiene standards.