Reports have emerged that about an alleged breach in the Tamil Nadu Police Facial Recognition Portal. A threat actor identifying as ‘Valerie’ has asserted responsibility for infiltrating the database of the portal (http://frs.tnpolice.gov.in) along with obtaining personal details of police officers.
The alleged leaked data reveals that over 8,00,000 lines of information have been exposed. The compromised data encompasses FIR details, including FIR numbers, dates, particulars of involved individuals, and physical addresses, as well as contact information of police personnel. This significant security breach underscores vulnerabilities within critical public safety infrastructure, emphasizing the urgent requirement for fortified security measures.
The portal hosts the facial recognition software employed by the Tamil Nadu police, facilitating searches for criminals, missing persons, and others via facial recognition technology. The data comprises FIR specifics such as FIR numbers, dates, involved party details, physical addresses, and contact details of approximately 50,000 police officers.
A senior police official has rebutted claims of a server breach, attributing the compromise to a compromised admin login, which has since been rectified, reassuring that there’s no cause for alarm.
Merely 8 months ago, in September 2023, the Crime and Criminal Tracking Network and Systems (CCTNS) website of the Tamil Nadu police purportedly fell victim to hacking attempts by suspects operating from South Korea. While the hackers demanded $20,000 for restoration, prompt action from the State police led to alerting the Electronics Corporation of Tamil Nadu (ELCOT) to dismantle the links and secure the data. The incident has impacted various e-services provided by the Tamil Nadu police. A preliminary probe uncovered that the hackers exploited weak passwords associated with two logins to breach the website.
Though the e-services remain unaffected, the Face Recognition System (FRS) retains data on known criminals and habitual offenders. Field officers utilize a mobile application to cross-check suspect identities by uploading their photos, which are then compared with the FRS database to trigger alerts.
The e-services grant access to First Information Reports, investigation statuses, road accident details, among other information. These options are safeguarded by One-Time Password (OTP) authentication, making unauthorized access challenging, as explained by a senior police official to The Hindu.
Acknowledging the targeting of two logins with weak passwords in the CCTNS hack, the official stated that a comprehensive investigation has been initiated. E-services have been largely restored, with the FRS link anticipated to be reinstated shortly. Data backups are in place, and a vulnerability assessment will be conducted to ascertain potential data theft. Strengthening measures such as a two-step verification process are underway to fortify access to police website services. Timely intervention by alerting ELCOT and other agencies facilitated damage control, as per an unnamed official. Intensive efforts are being made to trace cybercriminals operating overseas. Additionally, the system encompasses information pertaining to the salaries of the state’s police force, managed by the State Crime Records Bureau (SCRB), with the CCTNS developed and maintained by a prominent software firm.
STATE POLICE FACIAL RECOGNITION SOFTWARE PORTAL IS HACKED
A threat actor named Valerie has claimed responsibility for accessing the database of the Tamil Nadu Police Facial Recognition Portal (https://t.co/eFd4nKTGbX) as well as the personal details of police officers.
There… pic.twitter.com/WEOSybLRU9
— A Selvaraj (@Crime_Selvaraj) May 4, 2024
Look like the data has been breached from deepika PC police station basin bridge ? @chennaipolice_ pic.twitter.com/bNGwMhWNNj
— kish (@iamkissh) May 4, 2024
(With Inputs From The Hindu)
Subscribe to our channels on Telegram, WhatsApp, and Instagram and get the best stories of the day delivered to you personally.