KillSec, a relatively unknown hackers' group, has made headlines recently for its targeted cyberattacks on Indian government institutions, with a primary focus on extortion. Their latest attack targeted India's capital police, specifically their traffic violation database, with claims of breaching the system and offering to manipulate the payment status of issued traffic fines. This marks the group's third known ransom-demand cyberattack on Indian government entities.
Under the moniker "KillSec" or "Kill Security," the group has taken a bold approach, releasing a sample of leaked data to apply pressure on the Delhi Police, which falls under the purview of the Union Home Ministry, to engage in negotiations. The leaked data includes sensitive information such as vehicle plate numbers, photos captured during the issuance of traffic fines, violation details, and even the contact information of the law enforcement officers involved in issuing the fines.
In an audacious move, the hackers have offered to update the payment status of fines for ten individuals as a demonstration of their capabilities. They claim to have access to approximately 2.5 lakh such entries, indicating the scale of their breach.
KillSec's modus operandi extends beyond targeting Indian government institutions, as evidenced by their previous cyberattacks on entities such as the Kerala Police and Paschim Banga Gramin Bank, which operates in West Bengal. Their methods involve demanding ransom payments in exchange for not publicizing the stolen data. For instance, they have set a deadline for Paschim Banga Gramin Bank to pay 10,000 Euros or risk having their data made public.
The group operates within the clandestine realm of the dark web and encrypted messaging platforms, ensuring anonymity and secure communication. They employ apps like Session and Tox, which do not require users to register with personal information and offer end-to-end encryption to safeguard communications. Additionally, ransom payments are exclusively accepted in cryptocurrencies, particularly Monero (XMR), further complicating law enforcement efforts to track transactions.
While KillSec portrays itself as acting in the interest of the public, researchers suggest that their motivations are primarily financial rather than strictly ideological. Their tactics exemplify an evolving cyber threat landscape, where hacktivist groups seek to leverage illicit means, such as extortion, for financial gain and to make a significant impact in the digital domain.
