High-profile hackings of 2015: Telecom Regulatory Authority of India

In Information Security ByTeam Acumin / 27th October 2015

The Telecom Regulatory Authority of India is India’s independent regulator of telecommunications businesses. The organisation was established back in 1997 in order to ensure that telecom services and tariffs were fairly regulated in the country.

What happened?

In April 2015, the Telecom Regulatory Authority of India itself published many thousands of emails that were sent by citizens in India in support of net neutrality as part of the popular SaveTheInternet campaign.

How many records were accessed?

Up to a million emails were published. Data that was released included the names of email senders, their email addresses and the contents of their messages, which quite often contained many of their personal details included in their email signatures.

How it happened

Where this differs from most data breaches is that the body that was holding the date itself released it, whereas it is usually a third party that hacks into the system, steals the data and then publishes it, leaving people who are a part of the database vulnerable.

What’s happened since?

A group going by the name of AnonOpsINdia took down the Telecom Regulatory Authority’s website in protest at the publication of the emails. It claimed responsibility for the hacking on Twitter, and announced that it had used a distributed denial of service, also known as a DDoS attack on the authority.

Speaking after the email publication, lawyer Apar Guptar said that publishing the email addresses opened up the people involved to harassment and spamming, and that if the details of the email exchanges had to be made public they should have been edited to remove personal details.

As a result of their decision to publish the emails, the Telecom Regularity Authority has seen confidence in them plummet to all-time lows, with more Indian people than ever questioning its actions.