Kerala Cyber Warriors Hack an Indian Government Server and Expose 80,000 Coronavirus Patients' Data
If you've tested positive for coronavirus, the safety of your personal data probably isn't that high on your priority list right now. You shouldn't forget, however, that the theft of personal information can have very serious consequences both now and in the future when the COVID-19 crisis is over. Unfortunately, a group of hackers who call themselves Kerala Cyber Warriors showed recently that the theft of coronavirus patients' personal data might not be that difficult.
Kerala Cyber Warriors compromised the website of Delhi State Health Mission in "less than 10 minutes"
On Saturday, the hackers used their Facebook page to announce their successful attack against the Delhi State Health Mission's (DSHM) website. The post, which is available both in English and Malayalam, says that the hackers weren't entirely sure what they'd find once they hacked the website or how easy it would be to compromise it.
Apparently, the first surprise came after they realized just how poor the security of the website was. According to their Facebook post, Kerala Cyber Warriors managed to break through its defenses "in less than 10 minutes." Mind you, this might not be that shocking. If you check out a relatively recent snapshot of DSHM's website, you'll be left with the impression that it hasn't been updated in a while.
The personal information of 80 thousand COVID-19 patients was stored on DSHM's server
The second surprise came when they realized what sort of data they had access to. A spokesperson for the hacking crew told PortSwigger that prior to the attack, Kerala Cyber Warriors had no idea how DSHM stores and tracks COVID-19 data. When they broke in, they found out pretty quickly.
The server hosted a database that apparently held the personal details of around 80 thousand coronavirus patients. The records included, among other things, names, phone numbers, addresses, COVID-19 test results, quarantine surveillance data, and passport information. It was clear that DSHM was using the server for tracking and managing the information of COVID-19 patients. As a result, the records were editable, which meant that hackers with malicious intent could alter the data, leading not only to poor tracking of the virus' spread but also to improper hospital treatment for COVID-19 patients. Thankfully, Kerala Cyber Warriors had no malicious intent. At least that's what they say.
It was a hacktivism act
Kerala Cyber Warriors had no intention of altering or misusing the data. In fact, with the attack on DSHM, they wanted to show the world how upset they are with the way the coronavirus crisis is handled in India. A few days before the attack, they published a YouTube video in which an automated voice criticizes the Indian government and private hospitals over stock footage of a person wearing a Guy Fawkes mask. The voice accuses India's public and private healthcare sectors of exploiting doctors and nurses, making illegal profits out of reused personal protection equipment, and even denying treatment to patients who refuse to pay. To raise awareness, Kerala Cyber Warriors defaced the website after they broke in, and DSHM had no other choice but to bring it down. As of the time of writing, it's still offline.
Whether the Indian government is guilty of everything it is accused of is for other people to decide. What we can say, however, is that patients' data was not secured as well as it should have been, and unfortunately, according to Kerala Cyber Warriors, they might not have been the first ones to access that data.
The hacktivists said that they found multiple backdoors on the server, which, they think, were deployed in March by Chinese hackers. This could completely change the nature of the incident because it could mean that coronavirus patients' data might have been accessible to hackers who plan to do something a lot more sinister than deface a website.