Sep 12, 2017 02:08 PM IST | Source: Moneycontrol.com
The incident once again highlights vulnerabilities in the Union government's identity project.
Moneycontrol News
The Uttar Pradesh police on Monday busted a gang from Lucknow for allegedly stealing fingerprints of Aadhaar enrolment operators.
The gang cloned fingerprints of operators to access nodal body Unique Identification Authority of India's data in order to create fake Aadhaar cards, according to multiple media reports. Apart from the fingerprints, the gang also managed to devise a way to bypass retina scanning.
The arrests have been made in connection with an FIR filed by the UIDAI on August 16 this year.
The incident once again highlights vulnerabilities in the Union government's identity project.
UIDAI had initially introduced fingerprint security for Aadhaar. However, when hackers started cloning fingerprints, the iris scanner was introduced as a part of the authentication process.
With hackers creating a system to bypass this second layer of security as well, the police have decided to conduct a "security audit" of the enrollment process.
As per the current system, while enrolling a new user, an authorised operator accesses the system using fingerprints and retina scan.
In this case, the accused used images of fingerprints of operators and printed them on butter paper. These were then placed on a sheet of light-sensitive resin and exposed to ultra-violet light. These, at the end, looked like a rubber stamp that were pressed down on a biometric machine.
The hackers then developed a software to bypass the retina scan.
The Ministry of Electronics and Information Technology official told India Legal that that while Aadhaar is a social revolution, India needs a cyber security system to protect its data.
"As things stand now, there are too many holes in the security set up which are being exploited by hackers. We have to prepare ourselves for a flood of cyber-related crime once the linkage happens. To make matters worse, no one is clear about the volume of Aadhaar data that has already been stolen or accessed by the wrong people,” the official said.
Security concerns surrounding Aadhaar have been growing of late.
According to government data, nearly 164 government websites were hacked in 2015. Between November 2016 and June 2017, a total of 50 cyber incidents affected 19 financial organisations, Union minister Hansraj Gangaram Ahir said.
A recent report by Deloitte on Cyber Regulation in Asia Pacific states that while the government’s Digital India is a good initiative, it does need a cyber security framework.
Ahir further said that the government has set aside Rs 1,000 crore for a research and development fund for cyber security. The funds will be used for upgrading technological capacity over the next five years.
Recently, a report quoting WikiLeaks data said that devices used to record biometric data for Aadhaar could have been compromised.
However, the UIDAI denied of any such leak and said that the biometric information is protected by best available security measures. The government said that the data is stored in UIDAI servers that are fool-proof. The data centres are protected physically as well as hardware and the devices are checked multiple times to ensure safety.