Data from police sites leaked on darknet, prone to abuse

Crucial data of at least 382 Bengaluru citizens have been found on the Darknet, vulnerable to theft and misuse after hackers hacked websites of the Bengaluru City Police.

Published: 11th September 2018 10:04 PM | Last Updated: 12th September 2018 02:41 AM

Illustration  Amit Bandre

Express News Service

BENGALURU : Crucial data of at least 382 Bengaluru citizens have been found on the Darknet, vulnerable to theft and misuse after hackers hacked websites of the Bengaluru City Police. The leaked data include passport numbers, names, residential addresses, phone numbers and email IDs. Email IDs and passwords of police officials were also leaked on the Clearnet.

This leak was discovered recently by cyber security experts from CyberSafe Bangalore, an information technology security consulting company that works in the field of vulnerability, threat management, cyber crime, forensic investigation, cyber terrorism and Darknet.

Gagan Jain of CyberSafe explained to City Express, “If I am a person who has applied for a passport and my details are with the hacker, he can open a bank account in my name and buy narcotics. Should the cops get wind of it, the crime will be traced to me although I had no part to play in it. As for the police officials’ email ids, even if their passwords are changed since the hack, the email IDs are enough for hackers to spoof information.”

And here is the more worrisome part: while CyberSafe experts were able to extract only one file containing data of 382 Bengalureans, they say there could be innumerable such files on the Darknet. They also discovered that this data was accessed after police websites were hacked in 2014 and 2016.

Experts say this data can be used to impersonate anyone whose details are in the data dump, from innocent Bengalureans to top-level police officials, for a range of disturbing activities: funding terror activities, illegal drug trafficking, flesh trade, or even opening bank accounts to siphon off funds.

Especially disturbing is the discovery that although some of the data is on the Clearnet, much of it is on the Darknet, a kind of anonymous internet which cannot be accessed through normal browsers such as Chrome and Firefox, and is known to be used by terror organisations for cyber warfare, drug trade, prostitution and counterfeiting. One can even purchase leaked bank account details, create fake passports and driver’s licences, and procure guns and hit-men using the Darknet. The Clearnet, on the other hand, is what we use on a daily basis for social media, work, education and entertainment.

Gauthami B E, a cyber security expert with CyberSafe, says, “Passport details of people can be used to create fake bank accounts or use the person’s existing bank account to fund terrorism. A cyber criminal pretending to be a resident of Bengaluru can commit money-related crimes such as card skimming and phishing, hire hit-men and buy drugs. At this point, identity theft to defame a company or individual is a bigger threat than financial crimes.”

Jain found in the hack dump official email IDs and passwords of top police officials, including DGPs, IGPs, ADGPs, DIGs, SPs, DSPs and more. “The hacker can do things as dangerous as get hold of a cop's Twitter handle through this leak and post provocative messages online. They can also leak security-related data to foreign countries,” Jain says.

Ask Jain how easy or difficult it was to spot this leak, and he says, “SQL injection (a hacking technique where a malicious code can be entered in the website) is a vulnerability found usually in websites. For someone who understands the technology, it is easy to get hold of the data.”

Deputy Commissioner of Police (Crime) Ram Niwas Sepat said, “I don’t look into these matters.” M D Sharath, Deputy Superintendent of Police in the Cyber Crime police station, refused to comment.

On the Clearnet, users may use Chrome to log on to Facebook, where their real IP address is recorded. On the Darknet, the Tor browser is used, wherein the original IP address is transferred to 7 IPs (proxy servers) before reaching the site.

Cyber security expert Tobby Simmons, founder-president, Synergia Foundation, says it is difficult to take down data from the Darknet but it is possible to take it off the Clearnet with intervention from state authorities. As for prevention of leaks, Simmons says, “This is the hard part – it is not possible to prevent leaks. Leaks can happen anywhere – perhaps through a vendor. The challenge is to be aware of such vulnerabilities and plug them as soon as possible.”
