Hackers post NHAI data online, say there’s more
NEWDELHI: Financial records, contract documents, and employee information of the National Highways Authority of India (NHAI) has been posted online by cyber criminals, according to cybersecurity researchers who said the stolen data includes personal identity documents of at least one former chairman of the agency that is responsible for building and maintaining highways in the country.
The information was posted online on July 2, two days day after NHAI denied any sensitive information was compromised. The agency, however, confirmed it had on June 28 been the target of ransomware — a type of cyber attack carried out usually by groups looking to make money.
Details about the leak were shared with HT by Singaporebased cybersecurity firm Cyfirma, which said in its initial assessment that “the data compromised includes tax information, audit reports, passport copies, identity cards, assessment reports, and many other PII (personally identifiable information) and financial records”.
The data was in two files about 1.8GB in size, which the hackers said was 5% of the total information they had. The files, seen by HT, included copies of personal identity documents of a former NHAI chairman Raghav Chandra, included his passport and government ID card.
According to Cyfirma’s assessment, the hackers used the Maze ransomware, and the leaks may have been meant to force the
NHAI to pay a ransom in order stop to more data from being exposed. “This is how Maze hackers work. They release in batches as they attempt to extort their victims,” said Kumar Ritesh, CEO of Cyfirma, in an email to HT.
HT reported the breach on June 29, and NHAI officials at the time denied losing any data. On Thursday, representatives of the agency declined to comment on questions about the new disclosure or if they were negotiating with the hackers.
“As NHAI is going digital, it is advancing its security posture further by adopting world’s best cyber security measures at all levels. It is also adopting more proactive measures towards improving the end users IT skills too by adopting tool based user awareness training where user’s IT skill improvement can be monitored and measured,” said Akhilesh Srivastava, chief general manager (IT), of NHAI in response to the questions sent by HT. Chandra, who retired in 2018, said he did not think the leak of his personal data would be a security risk. “I don’t think anyone should be in a position to blackmail. But we need to find out the source of the attack. Tendering documents are slightly of vulnerable nature, the process is sacrosanct... NHAI needs to ensure it builds a strong security system to be able to thwart such attacks”.
NHAI “should ensure such malware attacks don’t happen in the future given the question of our national image especially in the light of what is happening politically”, the former chairman said. While it was not clear how much ransom may have been sought by the hackers, Ritesh said that typically, “Maze hackers are known to ask in excess of hundreds of thousands of dollars to millions”.
Cybersecurity research agencies have not yet indicted any particular group for using Maze, but, according to Ritesh, the techniques overlap with groups based in Russia, China as well as North Korea.
“As of now our attribution shows Russian hackers are behind Maze but this is quickly evolving and same techniques are being used by Chinese and Korea cyber criminals groups,” he said.
NHAI is responsible for building and maintaining the country’s highways. The agency manages contracts worth millions of rupees in a year, and its network systems are used for sensitive data, including toll management.