UIDAI seeks 20 ethical hackers to protect its Aadhaar data, plug security bugs

Amid increasing cyber attacks against key infrastructure and government websites in India, the Unique Identification Authority of India (UIDAI) has quietly announced a “bug bounty program” to hire 20 ethical hackers to protect its website and resources from nation-state bad actors.

The recently-issued circular said that the program will be limited to 20 registered candidates.

“The UIDAI reserves the right to evaluate and select top 20 suitable candidates for participation in the program,” the authority said in its circular.

It added that the candidate should be listed in the top 100 of the bug bounty leaders board such as HackerOne, or Bugcrowd.

The candidate may also be listed in the bounty programs “conducted by reputable companies such as Microsoft, Google, Facebook, Apple etc. or the candidate should be active in the bug bounty community/programmes and should have submitted valid bugs or received a bounty in the last one year”.

The bug bounty program of the UIDAI comes at a time when earlier reports claimed that Chinese state-sponsored hackers allegedly infiltrated and stole data from it.

The authority allayed the fears, saying, the leaking of Aadhaar numbers will not pose any hacking threat to bank accounts.

“Just as by merely knowing your ATM card number, no one can withdraw money from the ATM machine; by knowing your Aadhaar number alone, no one can hack into your bank account and withdraw money,” the UIDAI said while posting some myth busters related to Aadhaar on its website.

“Rest assured, there has not been a single case of financial loss due to Aadhaar. Aadhaar number alone cannot be used for banking or any other service,” it added.

The UIDAI said an independent committee will be formulated to assess and verify the candidates’ credentials, past bug hunting records, citation etc.

“The empaneled/registered participants need to sign a Non-disclosure Agreement (NDA) with UIDAI and abide by the instructions of UIDAI,” it said.

The program comes at a time when a total of 6,74,021 cyber security incidents have been reported this year up to June.

According to data tracked by the Indian Computer Emergency Response Team (CERT-In), a total of 3,94,499, 11,58,208, and 14,02,809 cyber security incidents were reported in 2019, 2020 and 2021, respectively.

The government issues alerts and advisories regarding the latest cyber threats and is operating an automated cyber threat exchange platform for proactively collecting, analyzing and sharing tailored alerts with organizations across sectors for proactive threat mitigation actions, Union Minister of State for Home, Ajay Kumar Mishra, informed the Lok Sabha this week.

The government is also operating the Cyber ​​Swachhta Kendra, which reports malicious programs and free tools to the government.

Also, the National Cyber ​​Coordination Center (NCCC) has been set up to generate necessary situational awareness of existing and potential cyber security threats.

Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

.

Leave a Comment