WikiLeaks reports can put India’s aadhaar security at risk

WikiLeaks claimed that the securities of the aadhaar data are in danger. Hence, it can put the aadhaar security at risk. As we have been getting the news about the threat. As a result, it can cause a huge disruption for India. In addition, WikiLeaks issued a memo, claiming that US based firm, CIA is massively spying on aadhaar data. And, It prompts concern for the aadhaar security.

Furthermore, WikiLeaks is a non-profit firm who reveals the secret and classified information anonymously. And consequently, make that info publicly available to everyone so that one could see, what's going on in reality. Hence, the motive which drives the WikiLeaks is:

Image Source
Image Source


Therefore, this means that CIA is observing millions of Aadhaar database and that can leads aadhaar security in peril. And it is also stealing the private data of the Indians. Furthermore, the sources from CIA's "ExpressLane" project was released by the WikiLeaks as part of its "Vault-7" series. Look at the below tweet by the WikiLeaks itself:


Image Source

Image Source


Aadhaar Security: Central Intelligence Agency (CIA)

The Central Intelligence Agency(CIA) is a civilian foreign intelligence service of the United States federal government. It mainly focused on gathering, processing, and analyzing national security information from around the world. In addition, it primarily focused on providing intelligence for the President and Cabinet.

How CIA can gain the access of Aadhaar data in real-time:

Aadhaar security has been an important concern since aadhaar has been issued. In addition, there are a number of CIA’s threat methods are available for physical presence. And these methods can exploit the entire aadhaar security. And, these methods can also invade high-security networks such as victim record database. Therefore, in such cases, a CIA officer, agent or assigned intelligence officer, physically reached out to the targeted place. In addition, the attacker is provided with a USB media containing malware developed for the CIA, especially relevant for threat purpose. And finally, this setup is inserted into the targeted computer. Hence, the attacker infects and extract the data into removable media.  Here is the tweet about the aadhaar security that has been officially claimed by the WikiLeaks:


Image Source

Image Source



The Allegation: CIA is spying on Aadhaar data with the help of Crossmatch technologies

Consequently, as we have seen earlier that the US's intelligence firm CIA gather, process and analyze the aadhaar security data secretly. So, aadhaar security became the first most subject of concern. Therefore, as per the WikiLeaks reports, CIA is involved in a large amount of biometric data of citizens throughout the world. And in addition, the basis of the hidden information about the aadhaar security operation is Crossmatch. Since Crossmatch is a biometric Identity leader and a global provider of identity management solutions. The first suspect about the aadhaar security goes to Crossmatch.

Surprisingly, it's that same organization which has been involved in several secret cases. Because the data given by this firm helped the US government to identify Osama Bin Laden in the Pakistan before he was executed.

India is relying on this firm for their aadhaar security. And, coincidentally its the same firm who is providing biometric solutions for India. Therefore, the very first doubt goes to Crossmatch obviously. And as a result, it might be the case that CIA and Crossmatch are spying on the aadhaar security collectively.


Crossmatch Technologies refused the allegation:

Furthermore, between all these hue and cry, Crossmatch notified the media that they don’t have the capability or the technology to spy/steal the data related to aadhaar security.

In a report, John Hinmon, vice president of global marketing speak out on aadhaar security at Crossmatch Technologies and said, "Crossmatch’s fingerprint scanners and software allow end users to capture, store and process those images in their own systems, under security protocols. And these protocols have been defined by that end user. Since these systems are accessible only by trusted 'administrative users.' To be straight, this is the case with India UID. All software utilized with our scanners was developed, tested and certified under the direction of the India UID."

In addition, he clearly said that "Crossmatch does not capture, store or process any private information, in any way such as fingerprint images, collected by any of its customers and will keep the aadhaar security in mind."


UIDAI also declined any details of this type: Aadhaar Security

In addition UIDAI, the unique identification authority of India also denies any such basis of stealing the data related to aadhaar security. Since, UIDAI was built with the purpose to issue Unique Identification numbers (UID), named as "Aadhaar", to every resident of India. And it also makes us believed that aadhaar security would not be compromised. So that, as a result, it could be:

  • Robust enough to remove duplicate and fake identities, and

  • Verified and authenticated in a cost-effective way.

Consequently, UIDAI also said that there are some implicit elements who are spreading this rumor over the Crossmatch and aadhaar security. The biometrics being hold for aadhaar is reportedly spied by the CIA. In addition, UIDAI also claimed that Aadhaar data is totally safe. And, aadhaar security is our first most concern. Hence, it is externally/internally tested via Standardised Testing Quality Certification (STQC). Therefore, no such leaks can never happen in future.


Consequences and implications, while aadhaar data would be stolen:

Let's look at the consequences if we won't consider aadhaar security seriously. FInally, it can cause huge complications on the common people, who have registered/enrolled for the UIDAI. And it can cost the Indian aadhaar security in a huge way. As a result, the major consequences that it can leave on the Indians could be like:

  • Since UIDAI is almost necessary for every citizen and by accessing the databases one can easily get all the personal information of the concerned person.

  • In addition, once biometric identity has been breached it's unusable for life, hence this makes biometric authentication particularly risky.

  • While, aadhaar has been mandatory for everyone, hence, one can easily spy on the user's bank details and other important information.

  • Furthermore, given the size of India’s population, something like the Aadhaar security probably seems like the most noteworthy way to organize the payments of subsidies and benefits.


Therefore,  it would be really surprised if CIA or any other intelligence firm has not yet collected Aadhaar data of Indians. And, by the way, we should be aware regarding anything related to aadhaar security. Hence, if the WikiLeaks reports are really precise, and the CIA has somehow determined to compromise the data available with Cross Match. Then probably it is a deep concern for the aadhaar security and the data related to the same.