The 'French security researcher' who goes by the name of Elliot Alderson on Twitter has captured the headlines in India, again! This time for pointing out that the data on Narendra Modi website is compromised. The vigilante hacker has a special love for the Indian government and some private Indian companies. His Twitter profile interestingly reads, "Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, Donald Daters and others. Not completely schizophrenic".
Elliot Alderson's real name is Robert Baptiste. He had tweeted yesterday about the vulnerability in India's Prime Minister Narendra Modi's website, https://www.narendramodi.in/. According to him, PM's website was susceptible when opened not only in the staging sub-domain but also for the main website and could let anyone access the sites database. Elderson had tweeted, "A security issue has been detected on your website. An anonymous source uploaded a txt file containing my name on your websites in real-time. He also has a full access to your database. You should contact me in private and start a security audit ASAP!" Alderson also added that he was not the one who uploaded the txt file and that the hacker deleted the file from the app on his request.
A security issue has been detected on your website. An anonymous source uploaded a txt file containing my name on your websites in realtime. He also have a full access to your database. You should contact me in private and start a security audit ASAP!
Regards, pic.twitter.com/AuDupzRlrL- Elliot Alderson (@fs0c131y) January 14, 2019
Taking the claims of Alderson seriously, the IT team that runs Narendra Modi's website reached out to the hacker and fixed the issue. Alderson tweeted, "Contact has been done with their team... I had a nice chat with the narendramodi.in team. They will take the appropriate measures and solve the issue."
Alderson doesn't describe himself as a whistleblower. In one of his interviews to Hindustan Times he said, "I consider myself as a random guy. I am not special or whatever. As I said multiple times, I encourage people to do the same thing."
"I have a standard process, nothing fancy. I am working alone. However, a lot of my followers shared what they find because nobody listen to them or they are afraid to be harassed," he had said.
Other major exploits of 'Elliot Alderson'
Robert Baptiste, a French developer who develops applications for Android platform, and an 'ethical' hacker, had earlier highlighted host of security issues in Aadhaar's Android application, mAadhaar. He had revealed that the developers of the app would string the biometric data in local database, the password of which could easily be obtained. He has also highlighted the vulnerability of Aadhaar in the past.
Alderson also exposed mobile apps used by two of the biggest Indian political parties, Congress & BJP.
He showed that both the apps share users' personal data with third parties.
Alderson called Paytm out for putting the phones of its users at risk by asking them for root access to their devices. He said root access allowed Paytm to access other app information, chat details on the device.
He has also raised security concerns over the security of data stored on the servers of ISRO, Indian Post and BSNL.
Apart from the India centric exploits, Elderson also found some major security flaws in OnePlus phones in the past. Earlier last year, Elderson spoke about OnePlus' clipboard application featuring various keywords, indicating that the company was sending private data to its servers in China.
Edited By: Udit Verma