[walterbell]

Apparently the breach is now being proxied by the fired private operators through government offices. Can this cashless money flow be traced? Even burner mobile phone numbers are linked to the same compromised national identity database.

Who could benefit indirectly from the breach? Could the Indian government turn to Facebook and WhatsApp for help with identity profiling? Is Facebook Indian data held in Indian data centers?

This story will find its way into future documentaries on the history of "Papers Please".

> in February 2018, the UIDAI terminated all contracts with common service centres as well .. Henceforth, only banks and government institutions like the postal service can enrol Aadhaar users. As a consequence, tens of thousands of young men, with rudimentary education but great familiarity with the Aadhaar system, were put out of work.

> In interviews, out-of-work operators claim they can still use the hacked enrolment software to generate enrolment ids (the first step in the Aadhaar registration process) and have tied up with sources working in authorised centres who complete the registration process for a fee.

> ... creates a whole new set of problems and could defeat many of Aadhaar's purported aims, such as reducing corruption, tracking black money, eliminating fraud and identity theft. It also means that the Aadhaar database is vulnerable to the same problems of ghost entries as any other government database

> the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account.

> Sourcing the patch is as easy as gaining access to one of thousands of WhatsApp groups where the patch, and the usernames and passwords required to login to the UIDAI's enrolment gateway, are sold for as little as Rs 2,500. Payments are made through mobile wallets linked to phone numbers that quickly go dead after the transactions are complete.

[wiz21c]

>>> Who could benefit indirectly from the breach?

This and who will buy those data ?

Everybody scream about the hack but I've never found a comprehensive study over how these personal data are sold, abused. Maybe to break gazillions of FaceBook/github/you-name-it accounts ? Then what, who will use those data ? Thieves ? Criminals ? If it's just that well, that's a minor inconvenience.

If it's secret services of adversary powers, well, that's a whole lot different.

Anybody has facts on that ?

[wtmt]

> Then what, who will use those data ? Thieves ? Criminals ? If it's just that well, that's a minor inconvenience.

It's only a minor inconvenience if you can sit in a comfortable place and pontificate on Hacker News about these things. Seems like you're not even aware that people have already lost their pension money or bank account balances or didn't get food that they were entitled to and died in the process — everything related to the coercion in the Aadhaar system and how it can be misused by others for fraudulent purposes.

Perhaps your privilege in life is standing in the way of understanding how bad things are with the Aadhaar system. Please search for #AadhaarFail on Twitter, look for articles on scroll.in and thewire.in (two sites that some people do hate) and rethinkaadhaar.in.

[wiz21c]

Now I'm reading my comment again, I see how I offensed some people here. My idea was more like "globally thinking", like in "geopolitics", in that case, even a few deaths is not much (it's like people who allocate money for cancer research : they have to make sure the population is globally better; it doesn't mean every one should get out alive). And my wording was rather poor. Sorry it was absolutely not the idea I wanted to convey. Mea culpa.

[vishnugupta]

I don't have facts/pointers but just an educated guess.

The most probable beneficiaries are food/gas etc., distributors. Pre Adhaar days they used to create fake ration/gas cards and sell food at un-subsidised prices in black market.

A prime (purported) driver for Adhaar to stop creation of these ghost people. Now that ghost Adhaar accounts can be created (per the report) these distributors will get back to their old ways of making money.

India has lot of poor people so the threat vector isn't yet FB/github :-).

[snaky]

> ghost people

Classics. https://www.quora.com/How-exactly-does-the-scam-in-Nikolai-G...