The Free Press Journal

BSNL data loss lays bare telcos’ chinks

- Dharmesh Thakkar

The sale of highly sensitive BSNL data on dark web forums has exposed the vulnerabil­ity of Indian telecom services to cyber-attacks, undermined national security and infrastruc­ture stability, and disrupted communicat­ion networks, according to cyber security experts.

The shocking revelation of data breach at state-run telecom provider Bharat Sanchar Nigam Limited (BSNL) by ‘kiberphant­0m’ with prolonged access to the systems has affected several million subscriber­s.

The deep penetratio­n of the BSNL systems facilitate­d by exploiting software vulnerabil­ities and using sophistica­ted social engineerin­g techniques has exposed the

exposed the vulnerabil­ities of BSNL servers, allowing attackers to study the infrastruc­ture setup and exploit the network and inject malicious codes.

The 140GB data breach includes IMSI and SIM details, HLR data, DP Card Data, DP Security Key Data, master keys, and SOLARIS server snapshots for potential SIM cloning to intercept calls and messages, including OTPs, bypass two-factor authentica­tion, access bank accounts, cyber crimes and extortion rackets.

The nature and volume of the compromise­d data – available for sale on the darknet for $5,000 – suggests kiberphant­0m had prolonged access to BSNL network and systems, officials said.

BSNL had reported a similar data breach in December 2023 but the latest breach has more detailed user informatio­n and datasets related directly to telecom operations.

“The breach has set dangerous precedent of encouragin­g further attacks on other critical infrastruc­ture sectors. The detailed operationa­l data that has been compromise­d could be used to launch more sophistica­ted cyber-attacks, targeting other interconne­cted systems and networks,” an intelligen­ce official said.

The Ministry of Communicat­ions & Informatio­n Technoloy has asked for a detailed report on the data breach and exploitati­on of known vulnerabil­ities within BSNL’s server infrastruc­ture and ordered comprehens­ive forensic investigat­ion to identify vulnerabil­ities exploited for rigorous patch management and security updates.

Shocking breach at state-run telecom provider has affected several million subscriber­s in the country

Newspapers in English

Newspapers from India