1. The report explicitly did not call out that portal.uidai.gov.in/cas/login was the one that was compromised first.
Link: buzzfeed.com/pranavdixit/in…
3. So the seller is not the kingpin, but a cut-out.
6. But then why did they need this login at all?
7. The answer is @UIDAI's enrolment model.
8. @NandanNilekani's brilliant idea of outsourcing enrolment was not just for speed but also for reducing costs.
10. That is a lot of money. To break even the operator needs a continuous stream of revenue.
11. But that is shut down from March because of rampant issues.
Link: scroll.in/article/826089…
13. Again why is this rampant? It is because the enrolment model itself is unviable to begin with for operators.
15. They can't enroll, make updates. But PVC Cards they can make and got the logins. However the demand is again not high.
17. These guys sold access to Ring 2 (Our stupid) which @rachnakhaira contacted. He made one more login.
19. The idea that caused this C-Sec breach is not only "technology stupidity" but "operational and financial stupidity".
21. Outsourcing is at the heart of this mistake. There is no tech. fix for this.
23. That is why expecting @NandanNilekani to fix this won't work. You can't roll back time with 20/20 hindsight. Good luck @nixxin on trying to think about how to.