The National Logistics Portal (NLP) in India, designed to manage port operations, inadvertently exposed critical vulnerabilities, leaving the country’s seaports susceptible to hacking threats. Researchers discovered on September 24th that the NLP platform was exposing sensitive data, including credentials, secrets, and encryption keys, through publicly accessible JS files.
Additionally, several Amazon Web Services (AWS) S3 buckets containing personal data, worker details, marine crew information, invoices, and internal documents were left open to the public. This security lapse raised concerns about the potential for ransomware attacks and disruptions in India’s port operations and trade.
The exposed AWS S3 keys could have provided unauthorized users with higher privileges, potentially compromising the entire NLP infrastructure. Such an incident could lead to the encryption of critical data, making it inaccessible to authorities responsible for waterways management. The consequences of this breach, including the financial implications of possible ransom demands for decryption keys, are difficult to estimate.
SecurityDiscovery’s CEO, Bob Diachenko, noted the severity of the situation, emphasizing the need for better security practices, especially for a governmental institution like NLP, as such lapses could have a significant impact on the country’s reputation and infrastructure.
The NLP, launched earlier in the year, serves as a comprehensive platform for managing logistics at India’s ports, encompassing tasks such as customs document management, fee payments, shipment tracking, and other port-related activities.
While the issue was eventually fixed after being disclosed to NLP’s managers, the incident underscores the importance of robust cybersecurity measures in safeguarding critical infrastructure, especially in the context of evolving digital systems aiming to streamline complex logistics operations.