UIDAI seeks 20 ethical hackers to protect its data, plug security bugs

New Delhi, July 23 (IANS) Amid increasing cyber attacks against key infrastructure and government websites in India, the Unique Identification Authority of India (UIDAI) has quietly announced a “bug bounty programme” to hire 20 ethical hackers to protect its website and resources from nation-state bad actors.

The recently-issued circular said that the programme will be limited to 20 registered candidates.

“The UIDAI reserves the right to evaluate and select top 20 suitable candidates for participation in the programme,” the authority said in its circular.

It added that the candidate should be listed in the top 100 of the bug bounty leaders board such as HackerOne, or Bugcrowd.

The candidate may also be listed in the bounty programmes “conducted by reputable companies such as Microsoft, Google, Facebook, Apple etc. or the candidate should be active in the bug bounty community/programmes and should have submitted valid bugs or received bounty in the last one year”.

The bug bounty programme of the UIDAI comes at a time when earlier reports claimed that Chinese state-sponsored hackers allegedly infiltrated and stole data from it.

The authority allayed the fears, saying, the leaking of Aadhaar numbers will not pose any hacking threat to bank accounts.

“Just as by merely knowing your ATM card number, no one can withdraw money from the ATM machine; by knowing your Aadhaar number alone, no one can hack into your bank account and withdraw money,” the UIDAI said while posting some myth busters related to Aadhaar on its website.

“Rest assured, there has not been a single case of financial loss due to Aadhaar. Aadhaar number alone cannot be used for banking or any other service,” it added.

The UIDAI said an independent committee will be formulated to assess and verify the candidates’ credentials, past bug hunting records, citation etc.

“The empanelled/registered participants need to sign Non-disclosure Agreement (NDA) with UIDAI and abide by the instructions of UIDAI,” it said.

The programme comes at a time when a total of 6,74,021 cyber security incidents have been reported this year up to June.

According to data tracked by the Indian Computer Emergency Response Team (CERT-In), a total of 3,94,499, 11,58,208, and 14,02,809 cyber security incidents were reported in 2019, 2020 and 2021, respectively.

The government issues alerts and advisories regarding the latest cyber threats and is operating an automated cyber threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions, Union Minister of State for Home, Ajay Kumar Mishra, informed the Lok Sabha this week.

The government is also operating the Cyber Swachhta Kendra, which reports malicious programmes and free tools to the government.

Also, the National Cyber Coordination Centre (NCCC) has been set up to generate necessary situational awareness of existing and potential cyber security threats.

–IANS
na/sks