Posted on March 21, 2019 at 9:36 AM
Benevolent French Hacker Helps Secure Aadhaar Information
Indian cyber security experts, helped by mysterious French hacker who goes by the online pseudonym Elliot Alderson (a name made popular by the international hit show Mr. Robot), have finally managed to plug a large, sensitive data leak over the last ten days. These reports come exclusively from The Hindu.
Alderson, who claims to be French, tweeted on the 10th of March that two Indian government websites were leaking document IDs – including the eponymous Aadhaar cards (numbers). He claimed to have scraped three hundred thousand documents from one website, and 5000 from another.
Hi @UIDAI and @IndianCERT,
Today, I celebrate the 100,000 followers. I want to invite you to the party and because I'm a nice guy, I will do you a favor. 2 #Indian governmental websites are leaking 300,000 and 5,000 documents IDs including #Aadhaar cards. Contact me by DM for…
— Elliot Alderson (@fs0c131y) March 11, 2019
The reason he tweeted was to celebrate having gained one hundred thousand followers on Twitter and invited the Indian government to join the party. He also invited someone, anyone who was in charge of information security for the Indian government to contact him as soon as possible so that he would be able to disclose the issue he had found responsibly.
He also added that journalists had no need to contact him at all – as he did not feel as if publishing the exploit would be in the overall spirit of what he was doing. He felt that his responsibility was to those people who had had their documents and identities potentially at risk from people who were more unscrupulous than the supposed French infosec hero.
…the details and to give me the opportunity to disclose the issue responsibly. As personal information are at risk you have 1 week.
Regards,
Your worst nightmare,— Elliot Alderson (@fs0c131y) March 11, 2019
According to further reports from The Hindu, this supposed leak was discussed at the top levels of the Indian government – and by all accounts, there were very many people who took Elliot Alderson’s words extremely seriously. The Indian government proceeded to contact Elliot Alderson and deployed a “top secret operation to identify and plug the leaks.”
It took eight days from the twitter announcement to the announcement that all problems had been cleared up. Much like the news that there was a leak at all, it was reported on Elliot Alderson’s twitter page. He further went on to say that great things may be accomplished when people work towards common goals that benefit everyone instead of looking at each other antagonistically. He also reiterated that hackers are the good guys. The people who discover problems before the more unscrupulous type can use and abuse them.
Elliot Alderson is also well known for being a critic of the Aadhaar system – which stores all of the personal details of India’s population on a central server. This, according to most critics, creates a single point of failure that can be abused under the right circumstances by the right types of people.
Thankfully, this French infosec wizard is on the side of the angels, and chooses to use his powers to make the world a safer place, and not like the typically portrayed hackers in movies and tv shows who will almost always be greedy and cause destruction.