A group of hackers has claimed to have breached the online citizen services platform of the Kerala Police and demanded 2,500 Euros and Rs 2.25 lakh in ransom for deleting the stolen data.

The data was allegedly stolen from the police’s ‘Thuna’ citizen service portal.

On March 19, KillSec, the hackers’ gang, announced the alleged breach in a post on its Telegram channel and asked the Kerala Police to negotiate through an end-to-end encrypted, open-source messenger “built for people who want absolute privacy and freedom from any form of surveillance”. It also shared samples of the digital booty.

“For us to wipe the data breach, we ask for a ransom of 2,500 Euros (negotiable),” it shared along with a unique chat session ID for approaching the hackers.

A few days later, the cyberattackers published the alleged stolen data on its website hosted on the dark web.

On its dark web-based site, KillSec claims it has so far targetted five organisations, including two based in India.

India Today’s Open-Source Intelligence (OSINT) team reviewed the data. It is around 11 MB in size and includes citizens’ complaints regarding petty offences and information related to locked houses & management of individuals’ appointments with police officials.

The data includes complaints related to driving, parking, sand mining, online harassment, nuisance created by roadside vendors, and a Facebook advertisement for printing fake currency notes. It also contains complaints against police vehicles and information about houses closed for days in a row.

The alleged breach was brought into the public domain by US-based OSINT and operational security specialist Sam Bent on LinkedIn.

Tata Consultancy Service (TCS) was also involved in the revamping of the ‘Thuna’ portal, it said on its site.

The data relates to various types of complaints filed by citizens.

POLICE RESPONSE

A senior police officer confirmed the data breach to India Today while describing it as “user side” “open web data” and asserted that no information related to the police administration was compromised.

“They (hackers) have got some user-side data. (There was) no access to police administration data,” said the police officer posted at the Cyber Operations Wing of the state police.

The police also said that it had changed the hosting of the user data to its internal systems.

SERVICES ON ‘THUNA’

As per reports, ‘Thuna’ portal provides a suite of services that include access to General Diary (GD) entries for accident incidents, approvals for loudspeaker usage, submission of petitions, and issuance of Police Clearance Certificates verifying the applicant’s non-involvement in criminal activities.

Applicants can track the status of their requests either through the portal or via SMS. Additionally, the portal offers the facility to download copies of the First Information Report (FIR) for various cases.

People can also file complaints for lost goods and intimate the police about strikes and processions they intend to carry out. The portal also lets insurance companies collect various documents related to motor accidents against payments.

Published By:

Ashutosh Acharya

Published On:

Mar 27, 2024

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *