Cyber Threat Actor: Elliot Alderson
| Actor Type | Location | Known Incidents |
Activist
|
France
|
0 incidents |
|---|
Profile
The threat actoridentified by the aliases @fs0c131y and Elliot Alderson is described in open sources as a French security expert who first gained notice in July 2018. He uses the Twitter handle @fs0c131y and the moniker Elliot Alderson when communicating online. Reporting from that time places him in France, although no additional biographical details such as his real name, employer, or organizational ties are supplied. His public emergence followed a tweet by R S Sharma, the chairman of India's Telecom Regulatory Authority of India, in which Sharma published his 12‑digit Aadhaar number (7621 7768 2740) and challenged anyone to show a concrete harm that could arise from its disclosure. The actor accepted the challenge and announced that he would demonstrate the risks associated with making such an identifier public.
In his reply, the actor disclosed Sharma's personal address, date of birth, mobile number (9958587977), PAN card number, and a WhatsApp profile picture, attaching screenshots where the sensitive fields were blackened to illustrate the extent of the information that could be derived. He quoted the Ministry of Electronics and Information Technology circular that links the phone number to Sharma's secretary and provided a link to that document as evidence. Additionally, he posted a photograph of Sharma with a portion of the image obscured, remarking that the hidden section might show a family member such as a wife or daughter. The actor’s commentary included the statement “I stop here; I hope you will understand why making your Aadhaar number public is not a good idea,” indicating his intent to highlight privacy risks rather than to pursue financial gain or disruption. No mention of malware families, exploit kits, or specific initial access techniques appears in the coverage of this episode, and no connections to state sponsors, criminal syndicates, or larger campaigns are documented. Consequently, the available record characterizes him as an independent security researcher who carried out a single, publicly reported data disclosure aimed at an Indian government official.
