Hacked Data from India’s National Internet Registry (IRINN) Being Sold Underground

On 29th September, a cyber security company discovered a possible breach at India’s National Internet Registry (IRINN) and notified the Indian government.

The company said in its blog that it learned of the breach through an advertisement the hackers had apparently put up on a darknet platform, offering “access to the servers and database dump of an unspecified Internet Registry”.

After further research and interaction with the seller, the team confirmed that the breach was legitimate and that the unspecified registry was IRINN, having discovered critical data belonging to some of the most important and high-profile organizations of India.

The Indian Registry for Internet Names and Numbers (IRINN) provides allocation and registration services for IP addresses (the internet addresses used by devices to reach other devices on the internet) and Autonomous System numbers. It comes under NIXI (National Internet Exchange of India), which, according to its website, “is the neutral meeting point of the ISPs in India with the primary objective being the facilitation of exchange of domestic Internet traffic between peering ISP members.”

During a conversation with the security team, which was posing as an interested buyer, the dealer said: “In client database, you can get username, email ids, passwords, organisation name, invoices/billing documents, and few more important fields. You can also control IP range of respective organisation. You can entirely shut down that organisation. Selling it for 15 BTC.”

15 BTC is presently valued at ~INR 42 lakhs.
