What happened to the NRC Data? A slightly technical analysis on the Missing NRC data in @asiatimesonline that I wrote is up.
asiatimes.com/2020/02/articl…
If you want more technical details, then read further on this thread.
asiatimes.com/2020/02/articl…
If you want more technical details, then read further on this thread.
@asiatimesonline 1. There are 3 domains that we could trace
nrcdrafts.com
thefinalnrc.in
thefinalnrc.com
All of these entries' DNS was changed to 127.0.0.1
(See Screenshots below on timeline)
nrcdrafts.com
thefinalnrc.in
thefinalnrc.com
All of these entries' DNS was changed to 127.0.0.1
(See Screenshots below on timeline)
@asiatimesonline 2. Unlike other media orgs which reported that the data is on nrcassam.nic.in, which is *wrong*, the data actually comes from these 3 domains.
All of them were changed to 127.0.0.1 1 month ago. So if the @HMOIndia knew where to look, this would not have been a surprise.
All of them were changed to 127.0.0.1 1 month ago. So if the @HMOIndia knew where to look, this would not have been a surprise.
@asiatimesonline @HMOIndia 3. Recall that every name has to be translated to an IP Address (Domain Name Service). In this case all these domains are in AWS.
Check the output. This means AWS account is still *active* and has *not expired* unlike others have reported.
Check the output. This means AWS account is still *active* and has *not expired* unlike others have reported.
@asiatimesonline @HMOIndia 4. But wipro engineers' left multiple trails. So we actually found the server that is still running "nrcdrafts.com" via an IP search on shodon.io
Check it yourself below:
https://13.126.0.220/FinalCDraft1/Draft.htm
Story gets even more interesting here
Check it yourself below:
https://13.126.0.220/FinalCDraft1/Draft.htm
Story gets even more interesting here
@asiatimesonline @HMOIndia 5. We found one more IP Address serving nrcdrafts.com
52.66.163.246
See what shodan.io reports
And yes they *were* running splunk on 8089.
And yes it is *owned* by wipro.
52.66.163.246
See what shodan.io reports
And yes they *were* running splunk on 8089.
And yes it is *owned* by wipro.
@asiatimesonline @HMOIndia 6. We also found AWS *has not* expired the account as all the certs issued are still valid. So that leads to only *one conclusion*.
Wipro made all the DNS entries to point to 127.0.0.1 and brought the servers down because of payment issues.
Wipro made all the DNS entries to point to 127.0.0.1 and brought the servers down because of payment issues.
@asiatimesonline @HMOIndia 7. So for the first time, we have a situation that when the govt is telling, it has not lost the data, it is actually true.
But ask yourself, how badly the entire data security regime is managed. It is practically non-existent and runs on gmail.
But ask yourself, how badly the entire data security regime is managed. It is practically non-existent and runs on gmail.
@asiatimesonline @HMOIndia 8. And this is going to be scaled nationally? Whom are we kidding that this is going to even work?
h/t to @kaarana_ community for figuring out a lot of this.
/end
h/t to @kaarana_ community for figuring out a lot of this.
/end
