93 mn DND numbers are on sale on Darkweb
2020-02-13![93 mn DND numbers are on sale on Darkweb 93 mn DND numbers are on sale on Darkweb](https://varindia.com/storage/news/uploads/2018/02/5e4523642db63.jpg)
A cybersecurity startup, based out of Kochi has found a file containing around 93 million phone numbers registered with the Telecom Regulatory Authority of India’s National Do Not Call Registry (NDNS) which is kept on sale on the Darknet.
Nandakishore Harikumar, Chief Executive Officer (CEO) of Technisanct, said their threat analysis team found the massive breach of data a couple of days back. The total file size of the file is 10.5 GB. it is circulated on a data-sharing platform. The data has been placed on sale on the dark web for a price of fewer than 10 dollars.
“These data are to be shared only with registered telemarketing people and are supposed to be stored confidentially. According to our analysis, this leak must have happened somewhere around June or July 2019. There are multiple complaints registered with brands by individuals for making calls to DND numbers. Norms are being violated in handling DND numbers by the agency concerned. We did a random check of 300 numbers from the database and identified that they all are registered for DND,” he said.
The company has already informed about the matter with Telecom Regulatory Authority of India (Trai), the Union Ministry of Communication and Information Technology and Indian Computer Emergency Response Team (CERT).
“We have shared complete details with the agencies concerned. Trai has to check whether any data hack has taken place. The DND numbers are to be shared only with the registered telemarketing firms,” Nandakishore said.
The DND numbers are maintained by the NDNS. To block service calls and SMSes a consumer needs to send a message. In recent months, several users who have activated DND reported that they have been receiving service calls and messages.
“After going through the complaints on DND, we started searching such data on the dark web and hackers’ forums. The DND is supposed to be very confidential and not to be shared on any platforms. In the US, DNDs are well maintained, but it seems accessing DND numbers in India is an easy affair,” Nandakishore said. An email query did not elicit any response from Trai.
Renowned cyber forensic expert Vinod Bhattathripad said if DND mobile phone numbers are available on the dark web for sale, it might be hacked either from servers of telecom companies or from Trai.
“The DND system across the globe has become a failure as DND-enabled mobile phones still get the service messages. Usually, companies have to procure commercial SIM cards to sent service messages. However, once DND details are leaked, messages can be sent from even ordinary personal use SIM cards. A marketing agency that has not registered with Trai can also send SMSes using leaked details. The marketing agencies who have already registered with Trai may not able to use the hacked details as their messages will be blocked at the server itself. However, several telemarketing agencies are operating without any registration,” he said.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.