This article is more than 1 year old
MASSIVE FAIL: Indian gov DOXXES net neutrality campaigners
Someone else then comes along and DoSes them
The Telecom Regulatory Authority of India has dumped more than a million Indian netizens' traceable personal details online, after it decided to publish, in full, the emails it received as part of its consultation paper about net neutrality.
Obviously deeply convinced by last week's arguments for transparency in internet governance, the Telecom Regulatory Authority of India (TRAI) laudably decided to publish online every comment it received.
However, among those published comments are more than 1.1m emails from netizens, presented alongside the email addresses and names of those commenting.
The dump potentially hands e-crims some very juicy details with which to phish and spam an enormous number of accounts with some certainty regarding the personal interests and location data of those targeted.
The comments TRAI received from stakeholders were provided in three blocks. The first two were from service providers and India's Service Providers Association. The last block however, which covered “other stakeholders”, included emails from Indian citizens seeking to ensure their access to the internet isn't disrupted by a government which wants to Do Something.
Indian netizens took to Twitter this morning, outraged by the publication.
Idiots at TRAI have revealed valid email ids of some one million people who sent them emails. Spammers are going to have a blast !!
— TANUJ GARG (@tanuj_garg) April 27, 2015
The outrage turned to bemusement when the site suddenly became inaccessible. It has, intermittently, been displaying a server error since late this morning, British time.
#TRAI official relation with corporate houses must be disclosed. W"@kapsology: TRAI Website down now! pic.twitter.com/jNa7Z3SEfY"
— Shánu (@ShanuAhluwalia) April 27, 2015
Predictably, someone operating a Twitter account supposedly linked to hacker collective Anonymous claimed he was responsible.
#TRAI forgot about us hahaha! We reminded them that we are still here. BOOM BOOM http://t.co/5bNzEGt4oU
— AnonOpsIndia (@opindia_revenge) April 27, 2015
But just an alarm for whole #India. You trust incompetent #TRAI who don't know how to deal with DDoS? Seriously sorry guys. Goodluck!
— AnonOpsIndia (@opindia_revenge) April 27, 2015
@tame_wildcard No we just preventing spammers from accessing those Email IDs posted by #TRAI publicly.
— AnonOpsIndia (@opindia_revenge) April 27, 2015
It is unlikely the apparent denial of service attack, noted by The Register when we tried to access the data dump, will have prevented the list of email addresses being shared amongst spammers. However, it does leave netizens who have submitted comments unable to confirm if their addresses have been leaked. ®