Home Geeky Scoop Did CIA compromised UIDAI Data ?

Did CIA compromised UIDAI Data ?

5 min read
Comments Off on Did CIA compromised UIDAI Data ?
0

The WikiLeaks has published a report that claims that the CIA may have compromised Adhaar Data. According to the report the CIA infiltrated a company “Cross Match Technologies” and managed to install a software called “ExpressLane” into their programs. 

Did CIA compromised UIDAI Data ?

The CrossMatch and CIA relation

Cross Match is one of many biometric capture device supplier in India’s UIDAI program. ExpressLane is a software that CIA uses to exfilterate information from biometric systems. CIA has a department “Office of Technical Services” that provides liaison services to companies around the world. This liaison service is carried out in understanding that the company would share biometric data with CIA voluntarily. If company doesn’t shares data the ExpressLane will corrupt the licenses to the software and liaison will not be able to use the system unless the licenses are renewed. The OTS planned to collect data in pretense of upgrading the software. While upgradation the upgrading software will backup the *.eft, *.ldf and *.mdf files.

The Leak

According to the WikiLeaks documents , the software installs and behaves like a Trojan and will look like an authentic windows installation. A secret partition is created on the victim’s drive and all the encrypted data is saved there . The data is collected while a mandatory software upgrade. This program will act independently of the vendor’s program and will be undetectable by Norton, McAfee , Karpersky antiviruses. Apart from the mentioned Antiviruses the program will be virtually undetectable from standard security feature of windows such as Firewall, Defender, Software Protection Services etc. 
Did CIA compromised UIDAI Data ?
Source Wikileaks

Did CIA compromised UIDAI Data ?
Source Wikileaks

According to Wikileaks following softwares are compromised

According to GGI news the hardware required for Biometric capture is STQC certified and in use for Adhaar Registration, and it’s devices are listed in the Wikileaks document that mention alleged compromise.

Did CIA compromised UIDAI Data ?
Source GGI

Adhaar Process and Analysis of ExpressLane

Adhaar Kiosk Setup process involves downloading of SDK, Master Data , and setup files from Adhaar servers only. So in entire process there is no upgradation option from a USB flash drive in kiosk registration process. Unless CIA has came up with something that can transmit data to their server it doesn’t seems that ExpressLane can perform a rigorous data theft. Apart from the obvious logistical issue, the UIDAI has a thorough system in place which involves a full stack data security check, so it seems far fetched that a simple spyware such as ExpressLane could transmit such a huge amount of data in background and UIDAI server wouldn’t notice.    Unless The CIA has come up a way to integrate with the Biometric Hardware bypassing the UIDAI’s security, and come up with a way to transmit the data using the kiosk’s terminal to their server, the Data breach seems a far fetched idea. 

Crossmatch and UIDAI’s reaction
Crossmatch recently denied that any Crossmatch hardware is capable of storing , or transferring the data online. UIDAI also denied all claims of data theft in Adhaar registration process, UIDAI stated that “misinformation was being spread by certain vested interests”.

Comments

comments

Load More Related Articles
Load More By Sushant Bhargav
Load More In Geeky Scoop

Check Also

Get a Genuine Windows 10 for as cheap as $3 | Legal and Working

1 Get Genuine Windows 10 for as low as $ 3 You can own a legitimate windows 10 for as low …