The World’s Largest Biometric Digital ID System, India’s Aadhaar, Just Suffered Its Biggest Ever Data Breach

Authored by Nick Corbishley via NakedCapitalism.com,

In one fell swoop, roughly 10% of the global population appears to have had some of their most valuable personal identifiable information (PII) compromised. Yet Aadhaar continues to receive plaudits from Silicon Valley. 

An anonymous hacker claims to have breached the digital ID numbers, as well as other sensitive personal data, of around 815 million Indian citizens.

To put that number in perspective, it is more than 60% of the 1.3 billion Indian people enrolled in the government’s Aadhaar biometric digital identity program, and roughly 10% of the entire global population. Thanks to the breach — the largest single one in the country’s history, according to the Hindustan Times — the personal data of hundreds of millions of Indians are now up for grabs on the dark web, for as little as $80,000.

To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans and a facial photograph. Much of that data has apparently been compromised.

Media reports suggest that the source of the leak was the Covid-19 test data of the Indian Council of Medical Research (ICMR), which is linked to each individual’s Aadhaar number.

The alarm was first raised by Resecurity, a Los Angeles-based cyber security company, which on Oct 15 included the following in a blogpost on its corporate website:

On October 9th, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. To put this victim group in perspective, India’s entire population is just over 1.486 billion people.

HUNTER investigators established contact with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000.

The data set offered by pwn0001 contains multiple fields related to the PII of Indian citizens, including but not limited to:

– name
– father’s Name
– phone Number
– other Number
– passport Number
– aadhar Number
– age
– gender
– address
– district
– pincode
– state…

One of the leaked samples contains 100,000 records of personal identifiable information (PII) related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a “Verify Aadhaar” feature. This feature allows people to validate the authenticity of Aadhaar credentials,” Resecurity said…

Resecurity acquired… 400,000 records and contacted multiple victims to validate the information, as well as used the “Verify Aadhaar” feature available via official government WEB-resource in India.

The contacted victims from the acquired data set confirmed the validity of their data, and stated they have never been notified about [the breach] before.

Digital Identity Theft

A leak of such highly sensitive personal identifiable information (PII) creates a significant risk of digital identity theft, warns Security Affairs:

Threat actors leverage stolen identity information to commit online banking theft, tax refund fraud, and other cyber-enabled financial crimes. Nation-state actors are also hunting for Aadhaar data with the goal of espionage and influence campaigns that leverage detailed insights on the Indian population. Resecurity observed a spike in incidents involving Aadhaar IDs and their leakage on underground cybercriminal forums by threat actors who look to harm Indian nationals and residents.

Aadhaar (Hindi for “foundation”) is a 12-digit unique identity (UID) number issued by the government after confirming a person’s biometric and demographic information. Launched in 2012 as part of an initiative to give each Indian resident a unique identification number, it is the largest digital identity system on the planet, with 1.3 billion UIDs issued by 2021, covering a staggering 92% of India’s population.

It was ostensibly created to provide people without identification a formal government ID as well as crack down on duplicate, fake or stolen IDs used to benefit from government programs and welfare schemes.

And it quickly drew interest and praise from elite quarters around the world, including Silicon Valley.

In a 2019 entry of his “Gates Notes” blog, Bill Gates lauded Aadhaar for making “India’s invisible people visible.” Three years earlier, in a lecture on Technology for Transformation, Gates had said that Aadhaar is something that had never been done before by any government, not even in a rich country. He also claimed it does not pose any privacy risks; try telling that to the 815 million people whose personal data is now up for grabs on the Dark Web!

Together with Nandan Nilekani, one of the co-founders of Indian tech giant Infosys who is widely recognised as Aadhaar’s chief architect, Gates went on to play a key role in exporting Aadhaar to other parts of the so-called Global South, much of it financed by the World Bank. The two tech billionaires also reportedly helped persuade the Modi government to embark on the disastrous path of demonetisation in order to expand cashless payment alternatives. Demonetisation is believed to have caused a 2% drop in India’s GDP growth in 2016/17 alone — the equivalent of $52 billion, according to the Sunday Guardian.

Even today, Aadhaar continues to receive plaudits from Silicon Valley, despite all of its security flaws, privacy concerns and other issues. Worldcoin, the controversial cryptocurrency project set up by OpenAI CEO Sam Altman that uses an eye-scanning “orb” to give users a unique digital identity to verify whether they are human, recently said it seeks to emulate India’s Aadhaar system in its own creation of a global identity and financial network.

Ironically, both Aadhaar and Worldcoin were featured in a recent report by Moody’s Investor Services as examples of how not to develop a digital identity system. As I noted at the time, it is not clear whether Moody’s criticisms were merely poorly timed, given the geopolitical backdrop, or form part of a broader campaign in the Anglosphere against India’s interests. The Modi government and Indian tech businesses are desperately keen to export the so-called “Indian Stack” — the Jan Dhan Yojana, a financial inclusion program; UPI, an instant payments system launched in 2016, just six months before the government yanked 84% of India’s cash notes out of circulation in its infamous demonetisation campaign; and Aadhaar.

Mission Creep on Steroids

Aadhaar was first introduced as a voluntary way of improving welfare service delivery. But the Modi government rapidly expanded its scope by making it mandatory for welfare programs and state benefits.

The mission creep didn’t end there. Aadhaar has become all but necessary to access a growing list of private sector services, including medical records, bank accounts and pension payments. According to Security Affairs, it is the security weaknesses of many of these third parties, including utility companies, independent service providers, mobile and telecommunication operators, and lending and fintech services, that are behind many of the data breaches.

Plans are also afoot to link voter registration to Aadhaar, despite the system’s glaring security flaws. Besides the vulnerability of its data storage, India’s Aadhaar system has many other downsides, as I noted in my book Scanned:

For a start, it tracks users’ movements between cities, their employment status and purchasing records. It is a de facto social credit system that serves as the key entry point for accessing services in India. While the system has helped to speed and clean up India’s bureaucracy, it has also massively increased the Indian government’s surveillance powers and excluded over 100 million people from welfare programs as well as basic services.

The public body in charge of Aadhaar, the Unique Identification Authority of India (UIDAI), is yet to comment on the latest breach. But if past form is any guide, when it does it will deny all charges. It has so far refuted all accusations of data breaches, since the Aadhaar system went fully live seven years ago, including claims from Wikileaks that the CIA might have access to the database and allegations in the World Economic Forum’s Global Risks Report 2019 that Aadhaar had “suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens.”

Given the sheer number of breaches Aadhaar has suffered, this level of denialism is becoming untenable. Even Biometric Update, the most important trade publication for the biometrics industry, has warned that India is “bleeding biometric data.” And biometric data is our most valuable personal identifiable information. If it is hacked there is no way of undoing the damage. You cannot change or cancel your iris or fingerprint like you can change a password or cancel a credit card.

The chances of that data being hacked are significant given how porous most databases are, notes Professor Sandra Wachter, a data ethics professor at the Oxford Internet Institute:

“The idea of a data breach is not a question of if, it’s a question of when. Welcome to the internet: everything is hackable.”

Given the sheer number and scale of recent breaches, the “Indian govt’s insistence that Aadhaar is secure rings hollow,” concludes Biometric Update:

A piece in Security Affairs reports that earlier this month, the cybersecurity firm Resecurity found hundreds of millions of records containing personally identifiable information (PII) for sale on the dark web. Aadhaar cards were among the data on offer.

Also in October, the PII of applicants to a program for young filmmakers at the International Film Festival of India was exposed on a government website for the event. The Deccan Herald reports that the Times of India was able to access a parent directory that contained the Aadhaar IDs, PAN cards and other PII of more than 100 people who applied through the National Film Development Corporation (NFDC).

Furthermore, as reported in The Hindu, a police raid on a brothel in Bengaluru found that sex workers had been given fake Aadhaar cards, and prompted an investigation into wider production of fake government IDs, voter cards and other documents.

And finally, there is the now-resolved case of fingerprint biometrics, digital ID numbers, identity documents, photographs and images submitted to Aadhaar being exposed by the West Bengal state government website.

The latter case is particularly pertinent since it reveals how fragile biometric identifiers can be, especially when it comes to finance. In recent years, a consortium of public and private sector players, including the Reserve Bank of India, UIDAI, the National Payments Corporation of India (NPCI) and the Institute for Development and Research in Banking Technology, has developed a cardless banking system called the Aadhaar-enabled Payment System, or AePS. To avail of the service, all customers need is a bank name, an Aadhaar number and the biometric identifiers captured during their Aadhaar enrolment. It’s quick, easy but not remotely safe.

A recent criminal case in Bengal has revealed that a purely biometric-enabled payment system, involving no cards and no PIN numbers, is not secure, particularly when the biometric identifiers in question and Aadhaar numbers are easily accessible on the World Wide Web. As always in these cases, enterprising fraudsters are leagues ahead of the authorities. From Business Standard:

The latest scam alert came to light after Kolkata Police uncovered cases where fraudsters are stealing data, including thumbprints, from land registries off the West Bengal Government’s land records website. Two individuals were reportedly arrested for their involvement in fraudulent transactions using the Aadhaar Enabled Payment System (AePS).

“These accused developed fake fingerprints that were used to withdraw money from the complainant’s bank account. Primarily, it has been found that the electronic data are gathered from different public domains/websites,” a senior officer of Kolkata Police told the Indian Express.

Subsequently, Kolkata Police requested the state Finance Department to conceal biometric data, including fingerprints, and Aadhaar card numbers extracted from property deeds or any other documents uploaded to the state government’s property registration website.

The response from certain banks and law enforcement agencies is revealing: they are telling bank customers to lock their biometrics at m-Aadhaar app/UIDAI portal and start using a four-digit pin to authenticate payments and prevent unauthorized access to their bank accounts. It is an open admission that biometric identifiers, on their own, are not safe enough for transaction purposes. Nor are they being stored securely by public or private entities. This should (but probably won’t) serve as a cautionary tale for all the other governments and companies around the world seeking to harness the power of biometric identifiers and digital identity.

Tyler Durden Sat, 11/04/2023 - 22:45

Another airline is making lounge fees more expensive

Qantas Airways is increasing the price of accessing its network of lounges by as much as 17%.

Over the last two years, multiple airlines have dealt with crowding in their lounges. While lounges are designed as a luxury experience for a small subset of travelers, the high number of people taking trips post-pandemic, together with the different ways they can gain access through status or certain credit cards, has made it difficult for some airlines to keep food stocked, keep common areas clean and have enough staff to serve bar drinks at the rate that customers expect.

In the fall of 2023, Delta Air Lines (DAL) caught serious traveler outcry after announcing that it was cracking down on crowding by raising how much one needs to spend for lounge access and limiting the number of times one can enter those lounges.

Some airlines saw the outcry with Delta as their chance to reassure customers that they would not raise their fees while others waited for the storm to pass to quietly implement their own increases.

A photograph captures a Qantas Airways lounge in Sydney, Australia.

Shutterstock

This is how much more you'll have to pay for Qantas lounge access

Australia's flagship carrier Qantas Airways (QUBSF) is the latest airline to announce that it would raise the cost of accessing the 24 lounges across the country as well as the 600 international lounges available at airports across the world through partner airlines.

Unlike other airlines which grant access primarily after reaching frequent flyer status, Qantas also sells it through a membership — starting from April 18, 2024, prices will rise from $600 Australian dollars ($392 USD)  to $699 AUD ($456 USD) for one year, $1,100 ($718 USD) to $1,299 ($848 USD) for two years and $2,000 AUD ($1,304) to lock in the rate for four years.

Those signing up for lounge access for the first time also currently pay a joining fee of $99 AUD ($65 USD) that will rise to $129 AUD ($85 USD).

The airline also allows customers to purchase their membership with Qantas Points they collect through frequent travel; the membership fees are also being raised by the equivalent amount in points in what adds up to as much as 17% — from 308,000 to 399,900 to lock in access for four years.

Airline says hikes will 'cover cost increases passed on from suppliers'

"This is the first time the Qantas Club membership fees have increased in seven years and will help cover cost increases passed on from a range of suppliers over that time," a Qantas spokesperson confirmed to Simple Flying. "This follows a reduction in the membership fees for several years during the pandemic."

The spokesperson said the gains from the increases will go both towards making up for inflation-related costs and keeping existing lounges looking modern by updating features like furniture and décor.

While the price increases also do not apply for those who earned lounge access through frequent flyer status or change what it takes to earn that status, Qantas is also introducing even steeper increases for those renewing a membership or adding additional features such as spouse and partner memberships.

In some cases, the cost of these features will nearly double from what members are paying now.

PR55α-controlled PP2A Inhibits p16 Expression and Blocks Cellular Senescence Induction

“Our results show that PR55α specifically reduces p16 expression […]”

Credit: 2024 Palanivel et al.

BUFFALO, NY- March 19, 2024 – A new research paper was published in Aging (listed by MEDLINE/PubMed as “Aging (Albany NY)” and “Aging-US” by Web of Science) Volume 16, Issue 5, entitled, “PR55α-controlled protein phosphatase 2A inhibits p16 expression and blocks cellular senescence induction by γ-irradiation.”

Cellular senescence is a permanent cell cycle arrest that can be triggered by both internal and external genotoxic stressors, such as telomere dysfunction and DNA damage. The execution of senescence is mainly by two pathways, p16/RB and p53/p21, which lead to CDK4/6 inhibition and RB activation to block cell cycle progression. While the regulation of p53/p21 signaling in response to DNA damage and other insults is well-defined, the regulation of the p16/RB pathway in response to various stressors remains poorly understood. 

In this new study, researchers Chitra Palanivel, Lepakshe S. V. Madduri, Ashley L. Hein, Christopher B. Jenkins, Brendan T. Graff, Alison L. Camero, Sumin Zhou, Charles A. Enke, Michel M. Ouellette, and Ying Yan from the University of Nebraska Medical Center report a novel function of PR55α, a regulatory subunit of PP2A Ser/Thr phosphatase, as a potent inhibitor of p16 expression and senescence induction by ionizing radiation (IR), such as γ-rays. 

“During natural aging, there is a gradual accumulation of p16-expressing senescent cells in tissues [76]. To investigate the significance of PR55α in this up-regulation of p16, we compared levels of the p16 and PR55α proteins in a panel of normal tissue specimens derived from young (≤43 y/o) and old (≥68 y/o) donors.”

The results show that ectopic PR55α expression in normal pancreatic cells inhibits p16 transcription, increases RB phosphorylation, and blocks IR-induced senescence. Conversely, PR55α-knockdown by shRNA in pancreatic cancer cells elevates p16 transcription, reduces RB phosphorylation, and triggers senescence induction after IR. Furthermore, this PR55α function in the regulation of p16 and senescence is p53-independent because it was unaffected by the mutational status of p53. Moreover, PR55α only affects p16 expression but not p14 (ARF) expression, which is also transcribed from the same CDKN2A locus but from an alternative promoter. In normal human tissues, levels of p16 and PR55α proteins were inversely correlated and mutually exclusive. 

“Collectively, these results describe a novel function of PR55α/PP2A in blocking p16/RB signaling and IR-induced cellular senescence.”
 

Read the full paper: DOI: https://doi.org/10.18632/aging.205619 

Corresponding Authors: Michel M. Ouellette, Ying Yan

Corresponding Emails: mouellet@unmc.edu, yyan@unmc.edu

Keywords: p16, p14, CDKN2A locus, p53, RB, PR55α, PP2A, γ-irradiation

 

About Aging:

Aging publishes research papers in all fields of aging research including but not limited to aging from yeast to mammals, cellular senescence, age-related diseases such as cancer and Alzheimer’s disease and their prevention and treatment, anti-aging strategies and drug development, and especially the role of signal transduction pathways such as mTOR in aging and potential approaches to modulate these signaling pathways to extend lifespan. The journal aims to promote treatment of age-related diseases by slowing down aging, validation of anti-aging drugs by treating age-related diseases, and prevention of cancer by inhibiting aging. Cancer and COVID-19 are age-related diseases.

Aging is indexed by PubMed/Medline (abbreviated as “Aging (Albany NY)”), PubMed Central, Web of Science: Science Citation Index Expanded (abbreviated as “Aging‐US” and listed in the Cell Biology and Geriatrics & Gerontology categories), Scopus (abbreviated as “Aging” and listed in the Cell Biology and Aging categories), Biological Abstracts, BIOSIS Previews, EMBASE, META (Chan Zuckerberg Initiative) (2018-2022), and Dimensions (Digital Science).

Please visit our website at www.Aging-US.com.

For media inquiries, please contact media@impactjournals.com.

 

Aging (Aging-US) Journal Office

6666 E. Quaker Str., Suite 1B

Orchard Park, NY 14127

Phone: 1-800-922-0957, option 1


Wall Street Bonuses Fall For Second Year To 2019 Lows Amid Capital Markets Freeze

Wall Street bonuses have declined for two consecutive years, falling to levels last seen in 2019, according to the latest yearly figures released by New York State Comptroller Thomas P. DiNapoli. This trend is occurring amidst a multi-year downturn in capital markets due to the Federal Reserve's interest rate hiking cycle.

According to the report, the average Wall Street cash bonus fell 2% to $176,500 in 2023, the lowest level since 2019. The drop was far less than the 25% plunge in 2022. Last year's bonus pool was $33.8 billion, unchanged from the previous year but far less than the $42.7 billion during the stock market mania in 2021. 

Source: Bloomberg 

"Wall Street's average cash bonuses dipped slightly from last year, with continued market volatility and more people joining the securities workforce," DiNapoli said in a news release on Tuesday. 

He continued: "While these bonuses affect income tax revenues for the state and city, both budgeted for larger declines so the impact on projected revenues should be limited." 

"The securities industry's continued strength should not overshadow the broader economic picture in New York, where we need all sectors to enjoy full recovery from the pandemic," he added.

Despite the slump, the report said Wall Street's profits rose 1.8% last year, "but firms have taken a more cautious approach to compensation, and more employees have joined the securities industry, which accounts for the slight decline in the average bonus." 

The report showed the industry employed 198,500 people in 2023, up from 191,600 the prior year. This expansion occurred during a period when US banks cut 23,000 jobs.

Given that swaps traders and economists at Goldman Sachs Group are forecasting fewer Fed interest-rate cuts this year, a higher-for-longer rates environment will continue to discourage capital-market activity. 

There's about a 50% chance of a June cut. Over the last several months, the Fed's interest-rate target implied by overnight index swaps and SOFR futures went from 700bps of cuts to currently 292bps of cuts for the full year. 

Any delay in the easing cycle will only mean another year of depressed bonuses for Wall Street. 

Tyler Durden Tue, 03/19/2024 - 10:00
