Darknet data vendor’s assertions classed as ‘audacious and far from truth’

The National Internet Exchange of India (Nixi) has denied claims that a data breach at country’s internet registry had the potential to impact more than 6,000 ISPs, government, and private organizations.

On September 29, enterprise security firm Seqrite said it tracked a broadcast advertisement on a darknet platform where an underground actor had touted access to the servers and database dump of an unspecified internet registry.

“Following a detailed research, the team identified the affected organization as India’s National Internet Registry (IRINN),” Seqrite said in a media release.

Posing as an interested buyer, researchers at the security group said the vendor shared a text file containing a list of approximately 6,000 emails, including employees from some of India’s “most important and high-profile organizations”.

The hacker was said to have priced the information at 15 Bitcoins and was offering network takedown of affected organizations for an unspecified amount.

The Bombay Stock Exchange, Reserve Bank of India and numerous ISPs were among the purported list of organizations whose services could have been disrupted by the breach.

In the wake of Seqrite’s announcement, however, Nixi, which oversees the country’s internet registry, put out a statement refuting the claims.

“Nixi hereby clarifies that there has been no serious security breach of its IRINN system, as it has a robust security protocol in place,” it said. “The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated internet resources through IRINN system.

“There was an attempt to penetrate the system and hacker was able to collect some basic profile information of the contact persons of some of the affiliates which was displayed by him on the darknet. The existing security protocol of Nixi is robust and capable of countering such attacks.

“However, following this breach, security protocol has been further strengthened and a review of existing infrastructure has also been initiated.”

The group added: “We assure our affiliates and all concerned that our system is secured and security protocol in practice is capable of handling such attacks. The claim by the actor of darknet is audacious and far from truth.”