BSNL intranet hacked; fixed after alert by researcher

BSNL has one of the best internet services in India. The internet speed of BSNL GPRS/3G is considerably better than other telecom companies.

A French security researcher, Baptiste Robert shows many loop holes into data security and he discovered multiple issues with different levels of security through his Twitter handle ‘Elliot Alderson’. The recent reported is on BSNL, which acknowledged the issues and fixed them.  VARINDIA at the time of writing this story has found that the website has gone offline.  

An anonymous French security researcher said he reached out to BSNL via Twitter (Elliot Alderson@fs0c131y) and informed them about the vulnerability he has claimed to have gained access to the private database of Bharat Sanchar Nigam Limited (BSNL) that contains details of more than 47,000 employees. Robert, gained access by breaking into the system and embedding a malicious code into the BSNL intranet application. This helped to source the entire database of employees, both present and past, of the telecom company.

Early Sunday morning, he shared a sample of the database that contains details of employee name, designation, password, mobile number, date of birth, date of retirement, email addresses etc.The French researcher also claimed that the websites intranetuk.bsnl.co.in and intranethr.bsnl.co.in had been attacked by ransomware and had gone unnoticed by BSNL until he reported it. 

This is the latest of the several vulnerabilities that Anderson has alerted various government bodies in India. Last week, he alerted Bengaluru City Police of security flaws in its directories and virtual private network, gaps in security in the servers of the Punjab Police and claimed to have identified leaks from Telangana government website of beneficiaries of the MNREGA, including their contact and person details.

India currently lacks data protection laws and such hacking is governed by the Indian IT Act 2000 that makes breaking into any computer system a penal offence. Individuals can be pressed with criminal charges. 

A new law is yet to come on Data security after a gap of 18 years, as Justice B.N. Srikrishna committee is working on the data protection framework and is evaluating a draft law to protect people in cyberspace against security flaws.

Tags: BSNL intranet hacked, researcher , bsnl, bsnl 3g, French security researcher Baptiste Robert, Elliot Alderson, MNREGA, VARINDIA, Bengaluru City Police, Bajaj Allianz General Insurances, Bajaj Allianz Individual Cyber Safe, cyber extortion, cyberbullying,