by Clewza313 1946 days ago
This smells a bit off: why is there no detail whatsoever on what exactly they breached? The "Indian Government" (central, state, other?) is a sprawling octopus that employs on the order of 50 million people, and there's a world of difference between breaching the public site of the Department of Fertilizers (https://fert.nic.in/) vs getting into the internal systems of the Ministry of External Affairs. The only clue appears to be those 14,000 police records.

Update: the leader of the "Sakura Samurai" appears to be 15 years old, which explains a lot.

https://mobile.twitter.com/jacksonhhax

6 comments

John Jackson (johnjhacking) is not jacksonhhax, though they're both part of the same group.

For context, John's a vet who's employed in the field. And beyond that, he's published other sound security research in the past, e.g. https://johnjhacking.com/blog/cve-2020-28360/ (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2836..., which links https://github.com/frenchbread/private-ip)

As for the attribution chain to sakurasamurai.org, reference the following:

• twitter.com/johnjhacking refers users to

• twitter.com/sakurasamuraii, which links

• sakurasamurai.org in a pinned tweet.

Source: I know John personally.

I think that Twitter user is just a member. One of the founders is https://twitter.com/johnjhacking who proclaims to have a full-time job and be a disabled vet.

Whoever is behind it, I find it hard to blame them. As they write on their blog:

>> Governments have an obligation to protect the private data of its employees and citizens. In addition, the exposure of proprietary government data can be used for great means of manipulation and for other destructive purposes. While the NCIIPC operates a Responsible Vulnerability Disclosure Program, the recklessness and avoidance of communication represents the complete opposite of a responsible program. <== from https://johnjhacking.com/blog/indian-government-breached-mas...

Enough has been said by people inside and outside of India about UIDAI / Aadhaar[0][1] and its many horrible side-effects and the risks it creates. This situation was created years ago after loud warnings of researchers and citizens who have meanwhile been silenced by the Modi government (who are the real culprits here).

India has done this to its people already years ago, therefore breaches here today are mere symptoms of incompetence (not the cause).

[0] Aadhaar: 'Leak' in world's biggest database worries Indians https://www.bbc.com/news/world-asia-india-42575443

[1] French Hacker transcends Aadhaar UIDAI helpline number to millions of Android phones in India https://www.cybersecurity-insiders.com/french-hacker-transce...

> Unfortunately, what seemed like a done deal turned out to be quite the unprofessional ride. Any organization knows that fixing breach-worthy vulnerabilities is extremely time sensitive. Once threat actors catch wind of major vulnerabilities against an organization they begin poking on their own, looking for more vectors of attack.

Do you expect them to tell everybody exactly which systems are vulnerable? What is it you're suggesting they do?

I believe they are suggesting that the systems be fixed in a timely manner.

That was my read of the article.

> why is there no detail whatsoever on what exactly they breached?

Because this is an ad.

> Update: the leader of the "Sakura Samurai" appears to be 15 years old, which explains a lot.

What does it explain? Anyone who is not familiar with the branches of the Indian government could have omitted specific details of which departments were hacked.

It explains that the whole press release/site down to the branding looks like amateur hour: https://sakurasamurai.pro/

Looks like every other text file I've seen from hacking groups over the last 25 years, which is the aesthetic they're going for.

"Indian government" means central government, not state. Just like "US government" always refers to the federal government.

I would have the same question of the US federal government being breached: which systems, exactly?

In Indian usage, yes, but this appears to have been written by a bunch of American teenagers.

Well, we can't expect every hacker to know what they're looking at...

> Game List

>> GLOBAL THERMONUCLEAR WAR

Premature attribution is as much a fallacy and problem as ignoring risks that lead to a breach in the first place.