Trai Chief Challenges Hackers With His Aadhaar Number – Moments Later, They Leave Him Embarassed
Telecom Regulatory Authority of India (TRAI) chairman RS Sharma was left in an awkward situation on Saturday after he shared his 12-digit Aadhaar number on Twitter and issued a challenge to show that how mere knowledge of the number could be misused. Hours later, his personal details like PAN number and alternative phone number were put out on public domain by hackers triggering a debate on Aadhaar data security.
Sharma had tweeted: “Now I give this challenge to you: Show me one concrete example where you can do any harm to me!”. The challenge by Sharma had got 577 retweets, and 745 likes by late evening.
The tweet was sent as a reply to one @kingslyj’s post at around 1.45 pm. By 6 pm, however, French security expert and Aadhaar critic, who goes by the nickname Elliot Anderson, in a series of tweets had revealed the mobile number linked to the Aadhaar number. Soon, Sharma’s PAN number, alternative phone number, email ID, the phone he was using, his WhatsApp profile pic and some other sensitive data was out in the open.
“People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make (sic) your Aadhaar number public is not a good idea,” Alderson wrote.
Anderson replied to Sharma: “The phone number linked to this #Aadhaar number is 9*********.
“According to an official @nicmeity circular, this phone number is the number of your secretary,” Anderson wrote and posted a link to the Ministry of Electronics and Information Technology circular.
The security researched also posted a picture of Sharma with a portion of it blackened. “I supposed this is your wife or daughter next to you.”
Anderson, who is known to have revealed security loopholes in the Aadhaar data system, also posted screenshots of Sharma’s leaked details with key areas blackened and hidden.
Another hacker, meanwhile, discovered that Sharma was using an iPhone with the said number.
One of the screenshots even carried his PAN details. But that was also hidden.
A few others claimed Sharma’s email security question was his frequent flyer number.
They also discovered that Sharma had not linked his Aadhaar number to a bank account. “I probably need to say it again: I’m not against #Aadhaar. I’m only against people who think that #Aadhaar is unhackable,” Elliot added.
To another users’ comment seeking legal indemnity in case the Aadhaar number was indeed misused, Sharma wrote, “Show me friend! I promise that I will take no action against you”.
When contacted by PTI, Sharma declined to make detailed comment on the matter saying “let the challenge run for some time”.
Sharma, a known defender of Aadhaar, has been maintaining that the unique ID does not violate privacy and the government reserved a right to create such a database of residents since it gives subsidies on state-run welfare schemes.
A Twitter user had earlier asked Sharma to “walk your talk” after the TRAI chief tweeted his interview with an online portal in which he strongly defended Aadhaar and rejected apprehensions that one billion Aadhaar accounts were vulnerable.
He said there had not been a single instance of data being breached and had there been one, the entire Aadhaar database would have been vulnerable.
Amid a debate on privacy concerns, which has also reached the Supreme Court, activists and people in general fear that the 12-digit biometric number was harmful to citizen’s privacy.
Finally the hacker said, “Let’s be clear here, Sharma my man you effed up good. People can do a lot of sadistic things with a name, email, two phone numbers, and even a date of birth. So don’t be too surprised if you find yourself signed up to a bunch of sketchy websites, or receive a delivery at your home for a box of dildos. But hopefully your faux pas will serve to teach you a valuable lesson about your personal privacy online, and show the government that Aadhaar needs a lot of work in the security department.”.