The Telecom Regulatory Authority of India was allegedly hacked. A group, which calls itself AnonOpsIndia, claimed on Twitter on Monday that it had taken down the trai.gov.in website through a distributed denial of service or DDoS attack.
TRAI down! Fuck you http://t.co/5bNzEGt4oU for releasing email IDs publicly and helping spammers. You will be hacked soon!— AnonOpsIndia (@opindia_revenge) April 27, 2015
The alleged hacking occurred hours after the TRAI revealed the email addresses of over one million people who had written to the organisation about their views on a consulation paper on net neutrality. This had made all the respondents' email IDs potentially available to spammers. TRAI officials denied any hacking claims and said that the site was down "due to some technical glitches."
We are just bunch of kids trolling "brilliant" minds at #TRAI who have no clue how to handle such situation. Sorry India, you deserve better— AnonOpsIndia (@opindia_revenge) April 27, 2015
What TRAI publishing your email address on its website means is this: if you did you bit for net neutrality by sending an email to TRAI any time in the past month, you're now a sitting duck for all sorts of spam -- Viagra ads, credit cards, loans, Nigerian princes and more. All a spammer has to do is download the PDF on TRAI's website and skim your email address from it.
This is a privacy nightmare. It's a readymade database for email addresses for unscrupulous companies and it's worth a lot of money, because most of these million plus email addresses are genuine and verified.
"I understand that it is the duty of the TRAI to make everything that they have received public since it is a public consultation after all," says Rajya Sabha MP Rajeev Chandrashekhar who says he is taking up the broader issue of citizens' privacy up in the Parliament. "Still, there is an obligation on them to not reveal personal details like my email address or my phone number."
Lawyer Apar Gupta, who has been an active participant in the SaveTheInternet campaign says that publishing email address in clear text potentially leads to risks such as spamming and harassment of people who have participated in this consultation. "Even if these details were to be provided publicly, they shouldn't have been published in a manner where they could be scraped easily by any email marketer," he says.
Kiran Jonnalagadda, the Bangalore-based software engineer and the person who started SaveTheInternet.in had to say in:
@PranavDixit We have no privacy law in India, AFAIK. You’re screwed.— Kiran Jonnalagadda (@jackerhack) April 27, 2015
Dear TRAI: we love how transparent you're being in this whole net neutrality debate, but seriously, this is a massive breach of citizens' privacy. What are you thinking?