Hindustan Times ST (Mumbai)

Hackers post NHAI data online, say there’s more

- Binayak Dasgupta and Anisha Dutta letters@hindustantimes.com

NEW DELHI: Financial records, contract documents, and employee information of the National Highways Authority of India (NHAI) have been posted online by cyber criminals, according to cybersecurity researchers who said the stolen data includes personal identity documents of at least one former chairman of the agency that is responsible for building and maintaining highways in the country.

The information was posted online on July 2, two days after NHAI denied sensitive information was compromised. The agency, however, confirmed it had on June 28 been the target of ransomware — a type of cyber attack carried out usually by groups looking to make money.

Details about the leak were shared with HT by Singapore-based cybersecurity firm Cyfirma, which said in its initial assessment that “the data compromised includes tax information, audit reports, passport copies, identity cards, assessment reports, and many other PII (personally identifiable information) and financial records”.

The data was in two files about 1.8GB in size, which the hackers said was 5% of the information they had. The files, seen by HT, included copies of personal identity documents of former NHAI chairman Raghav Chandra, including his passport and government ID card.

According to Cyfirma, the hackers used the Maze ransomware, and the leaks may have been meant to force the NHAI to pay a ransom to stop more data from being exposed. “This is how Maze hackers work. They release in batches as they attempt to extort their victims,” said Kumar Ritesh, CEO of Cyfirma, in an email to HT.

HT reported the breach on June 29, and NHAI officials at the time denied losing any data. On Thursday, representatives of the agency declined to comment on questions about the new disclosure. “As NHAI is going digital, it is advancing its security posture by adopting world’s best cyber security measures. It is adopting ...tool based user awareness training where user’s IT skill improvement can be monitored and measured,” said Akhilesh Srivastava, chief general manager (IT), of NHAI in response to HT’s questions.

Chandra, who retired in 2018, said he did not think the leak of his personal data would be a security risk, “...but we need to find out the source of the attack. Tendering documents are slightly of vulnerable nature... NHAI needs to ensure it builds a strong security system to be able to thwart such attacks”.

While it was not clear how much ransom may have been sought, Ritesh said that typically, “Maze hackers are known to ask in excess of hundreds of thousands of dollars to millions”.

Cybersecurity research agencies have not yet indicted a particular group for using Maze, but, according to Ritesh, the techniques overlap with groups in Russia, China and North Korea. “As of now our attribution shows Russian hackers are behind Maze but same techniques are being used by Chinese and Korea cyber criminals,” he said.

NHAI manages contracts worth millions of rupees a year, and its network systems are used for sensitive data, including toll management.
