A security lapse exposed India's CISF personnel files and health records

Zack Whittaker

2022-03-19

Internal documents, officer health records, and personnel files belonging to India's Central Industrial Security Force were spilling online because of a data security lapse.

A security researcher in India, who asked not to be named for fear of retaliation from the Indian government, found a database packed with network logs generated by a security appliance connected to CISF's network. But the database was not secured with a password, allowing anyone on the internet to access the logs from their web browser.

The network logs contain detailed records of which files on CISF's network were accessed or blocked because of security rules. Because the logs contained full web addresses of documents stored on CISF's network, it was possible for anyone on the internet to access the logs, and then open those files in their browser directly from CISF's network, also without needing a password.

The logs contained records for more than 246,000 full web addresses of PDF documents on CISF's network, many of which relate to personnel files and health records, and contain personally identifiable information on CISF officers. Some of the files are dated as recently as 2022.

CISF is one of the largest police forces in the world with more than 160,000 personnel, tasked with protecting government facilities, infrastructure, and airport security across the country.

The researcher said the security appliance is built by Haltdos, an India-based security company that provides network security technology to organizations. The database was first found to be exposed on March 6, according to Shodan, a search engine for exposed devices and databases. TechCrunch confirmed that the database was configured with the name "haltdos."

Haltdos CEO Anshul Saxena did not respond to multiple requests for comment. TechCrunch also emailed a CISF public affairs officer with several web addresses of publicly exposed files stored on its servers, but we did not receive a response. It's not uncommon for government organizations in India to quietly fix security issues when alerted by good-faith security researchers but then rebuff or deny the claims when they invariably become public knowledge.

The database is no longer accessible, though the security appliance itself appears to still be online.
