Elliot Alderson sends information of vulnerabilities he found on BSNL. he released this from his twitter handle “fs0c131y”.
It looks like he has found multiple vulnerabilities like sql injection, ransomware attacks on two servers and broken authentication. he claims some of these vulnerabilities were reported by another hacker in India 2 years back and BSNL did not respond back.
It is unclear if this hacker passed on some of the vulnerabilities to “Elliot Alderson”
According to the hacker, “You will find multiple issues with different level of severity. All these issues have been reported to BSNL via Twitter. I discussed with @BSNLCorporate and a member of their IT team. They acknowledged the issues and fixed them”.
It is very interesting to note, BSNL has talked to the hacker and worked on their issue and patched/fixed/taken down some of these site. Most of the vulnerabilities have been addressed.Contrary to the claims, BSNL action has been proactive.
The same hacker had earlier identified vulnerabilities in multiple website like Indian express, aadhar, punjab police and Bangalore police.
It is unclear if law enforcement agencies have registered cases to pursue the hackers.
“Law enforcement agencies can take action if the affected parties register compliant”, says a senior law enforcement officer.
According to a Mumbai based IT security company , “we believe the intrusion are from hackers in india(who may have used vpn and tor) to hide their identity, If the hackers only wanted to expose vulnerabilities, they should work with penetration testing company who are CERTIN Empaneled. They will earn out of this exercise”.
Another IT Security Company who worked for close to 20 years in information security says, “This is work of a script kiddie. BSNL security was like 0/10 and this guys skill is 1/10.”