Ministry of External Affairs data has been hacked and is on sale on the dark web. The hacker says he has a huge amount of sensitive email data that could cause massive damage to security standards. So, how did the attack take place, and how did the attacker get into the network without getting caught? Let’s talk about it!
The data of more than 15 senior officials of the Ministry of External Affairs has been put on sale on the dark web. The data included their official emails and passwords. The starting price set by the hacker ranged from Rs 6 lakh to Rs 22 lakh.
The investigation of the Ministry of External Affairs’ hacked email data was under the Central Investigation Agency.
Reporter Shivang Mishra handled the entire investigation of the actions the hacker took on seeing that an investigation was under way. However, two questions arise.
- Was the email server of the Ministry of External Affairs really hacked? If it is, then when did it happen?
- Do hackers really have confidential emails of Foreign Ministry officials?
We started an investigation based on these questions. Mr. Shivang Mishra contacted the hacker on Telegram, posing as a buyer.
- The correspondent asked the hacker for the price while expressing a desire to buy the email data of the Ministry of External Affairs.
- The adversary said that if we wanted full access to the email server, we would have to pay around ₹21,80,000.
- Moreover, the hacker said he had downloaded around 25 GB of data from the email server of the Ministry of External Affairs.
- However, if we only wanted the data of official/confidential/official confidential emails, we would have to transfer around ₹6 lakh.
- After 10-15 seconds, the adversary started sending samples of official confidential email conversations related to several officials of the Ministry of External Affairs, other departments, and government officials of the nation.
- We got a total of 9 sample email conversations. All samples were in compressed format.
- After decompressing the samples, we were shocked.
The conversation was between two higher authorities.
1) M.E.R. (Multilateral Economic Relations Division) (Director) Dr. Piyush Singh
2) C.B.I.C. (Central Board of Indirect Taxes and Customs) W.C.O. Cell (Deputy Commissioner) Vivek Kumar.
What was suspicious? The Ukraine issue is to be discussed in the “W.C.O. Council”. In such a situation, what is India’s stand on the Ukraine war? What kind of advice does the Ministry of External Affairs want to give to the “C.B.I.C.”?
This email was dated 15 June 2022. The talk was about India’s foreign policy. Hackers got their hands on highly confidential data that had been kept under tight security. Moreover, if it is available on the dark web, it could be available to any nation.
But the question is who is this hacker?
We told him that we were interested in buying the data. At the end of 2 hours of conversation, we sent a fake bill to the adversary. He was told that we had paid 30 bitcoins into his account and that the transfer would show up in around 3 hours.
Around 07:30 PM, the accused asked – When will the money come? From our side we said – It will be at 08:48 PM Indian time. The adversary replied – around 11:48 PM, you mean? Now it was clear that the adversary, who claimed to be from Japan, had actually joined the conversation from North Korea.
We asked if the hacker was chatting from North Korea. She replied – “Yes.” Because we repeatedly asked for her real name, she realized that she had given away a lot of her personal information. After that, she left the conversation and blocked us. Moreover, she deleted all chats on the platform. However, we had captured the chat with a screen recording. Now, the data needed to be verified.
Akhilesh Prashad Singh, Bihar Congress President
“See, this is a matter related to national security. Here, we see in the Rajya Sabha and the Lok Sabha, the Foreign Minister always talks about cyber security. So if this cyber intelligence is failing, it could be critical. The Foreign Minister doesn’t get hurt when they talk about cyber security.
Foreign Minister, during the arrival of this question in Rajya Sabha, said that we are number one in the world in terms of cyber security. But if what you are saying is true, then definitely he will answer to this.
The samples sent by the hacker are only samples. That’s because the hackers who sent these samples to us, and the API of the Ministry of External Affairs had claimed to have hacked the emails. The attacker claimed to have many such emails with her.”
Amit Dubey, Cyber Security Expert & R&D Team Gov.
“The data we analyzed and the email samples that have come, one thing we see if there is any common email in it. One doubt was that an email ID may have been compromised, through which his password may have been leaked, then his mobile may have been hacked and because of that, his email ID was lost.
But nothing as such has happened. Each email in it was from a different contact, so there was no common email ID. It is understood from this that it is a data breach. If there was an email breach, there would have been only emails related to it or an email ID must have been common.
So this was not a pattern, this was the first thing that was observed. And because these are in different contexts, some are in the context of the Ukraine Russia war, some are for visas, and some are about some dialogue. So the contact points of these emails are also different.”
With the cyber security expert’s seal on it, it was clear that the Ministry of External Affairs’ data had been hacked.
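The check the expert describes, whether any single address is common to every leaked sample, can be written down as follows. This is an added Python example, not code from the article or from the investigators; the sample messages and every address in them are constructed placeholders.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

def _msg(sender, to, subject):
    return f"From: {sender}\nTo: {to}\nSubject: {subject}\n\nbody\n"

# Constructed samples: every address, domain and subject is a placeholder.
SCATTERED = [
    _msg("officer.a@ministry.example", "cell@customs.example", "Council agenda"),
    _msg("visa.desk@ministry.example", "applicant@mail.example", "Visa query"),
    _msg("protocol@ministry.example", "mission@embassy.example", "Dialogue dates"),
]
ONE_MAILBOX = [
    _msg("officer.a@ministry.example", "cell@customs.example", "Council agenda"),
    _msg("applicant@mail.example", "Officer.A@ministry.example", "Visa query"),
    _msg("officer.a@ministry.example", "mission@embassy.example", "Dialogue dates"),
]

def participants(raw):
    """Lower-cased addresses from the From/To/Cc/Bcc headers of one message."""
    msg = message_from_string(raw)
    values = [v for h in ("From", "To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    return {addr.lower() for _name, addr in getaddresses(values) if "@" in addr}

def triage(raw_messages):
    """Check whether one address takes part in every leaked sample."""
    sets = [participants(raw) for raw in raw_messages]
    if not sets:
        raise ValueError("no samples to analyse")
    # An address present in every sample points at one compromised mailbox.
    common = sorted(set.intersection(*sets))
    seen = Counter(addr for s in sets for addr in s)
    top_addr, top_hits = seen.most_common(1)[0] if seen else (None, 0)
    verdict = "single-mailbox" if common else "multiple-mailboxes"
    # "widest" reports the address seen in the most samples, for partial overlap.
    return {"common": common, "verdict": verdict,
            "widest": (top_addr, top_hits, len(sets))}

if __name__ == "__main__":
    for label, batch in (("scattered", SCATTERED), ("one mailbox", ONE_MAILBOX)):
        print(label, triage(batch))
```

A "multiple-mailboxes" result on a handful of samples is only consistent with a wider breach; the seller chooses which samples to send, so the set may not be representative.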
Thus, we wrote an email to:
- The Foreign Secretary of India.
- The Spokesperson of the Ministry of External Affairs, (Director General of the National Informatics Center).
We hoped for an official response from the Director General of the Computer Emergency Response Team and forwarded this issue to him. We sent these emails to them on 11th January.
Jan 19, 2023
The Ministry of External Affairs held a weekly briefing. There, Zee News asked them about the data leak. Arindam Bagchi was surprised and asked how we knew.
Arindam Bagchi, Foreign Ministry spokesperson
“You are talking about hacking, right? There is a security mechanism in our ministry. We take cyber security very seriously. Even if there is an allegation of breach, they take it very seriously. We work with N.I.C. and maintain the servers.
We discuss these things with different technical agencies as well. Their investigation is done. Due to security implications, I will not be able to respond to specific incidents. Neither will I say yes nor will I say no.”
Even though the Ministry of External Affairs did not comment on this, they definitely accepted that their email server was hacked.
The email address was found in 3 security breaches, and its password was also present in two places. The first breach was in August 2017 and the second in December 2018. In both breaches, the email address and password of the Foreign Minister of India were leaked.