Hyderabad: The Telangana police has arrested the hacker who was responsible for leaking sensitive and a massive amount of data from the state police’s network of websites and apps, including the TSCOP app. The 20-year-old hacker had also leaked data from the Telangana police’s citizen service HawkEye application, and pretty much put everything online for sale.
The hacker, identified as Jatin Kumar, a native of Jhansi, Uttar Pradesh, was arrested by the Telangana Cyber Security Bureau (TSCSB) on June 8, said state director general of police Ravi Gupta on Sunday, June 9. Acting swiftly, the TGCSB investigators travelled to Delhi after identifying the hacker and arrested him. However, the police also maintained that no data was compromised, even though security experts said that public data was compromised.
The accused had also leaked data regarding Aadhaar cards and critical information related to other agencies, said the Telangana police. “The probe is ongoing, with efforts to identify any additional accomplices involved in this case. It is also brought to the notice of the public through the media, that no sensitive/financial data of any user has been compromised,” stated Ravi Gupta
According to the Telangana police, the hacker had posted details of the breach on databreachforum.st, offering the compromised data for sale at as less as just 150 US dollars. “He provided the Telegram IDs Adm1nfr1end and Adm1nfr1ends for interested buyers to contact him regarding the Hawk Eye and TSCOP data, respectively,” said the Telangana DGP.
Data security researcher Srinivas Kodali, who discovered the leak earlier this week, also shockingly said that the Hyderabad police is collecting data on people checking into hotels, among other things.
The police said that despite trying to mask his identity, TGCSB personnel used ‘social engineering techniques’ to track him down in Delhi. The hacker will be brought to Hyderabad on a transit remand, and he has a history of cybercrimes. The accused was previously involved in a similar case of hacking and was arrested by the Special Cell Dwaraka Police Station, New Delhi as well.
Police denies collection of private data, says password was weak
Telangana DGP Ravi Gupta also stated that the police’s Hawkeye mobile application only retains user information such as mobile numbers, addresses, and email IDs as part of its data repository. “Prima-facie, it is suspected that because of a weak / compromised password, the intruder might have obtained access to certain segments of Hawkeye data by generating a report,” he said in a release.
About the TSCOP app, the Telangana DGP said it is utilized for in-house tasks, “guaranteeing no collection of confidential/financial user data”. He also categorically denied Kodali’s statement that the police is collecting information of people checking into hotels. “It is a fact that TSCOP does not collect any Visitor / Hotel Management Data, at all. Hence, it is absolutely incorrect to say that TSCOP pushed / gave such Data to any third party. Therefore, certain related media reports that appeared in newspapers are denied,” he added.
Apart from the ongoing investigation, the Telangana police said it is also initiating a comprehensive monitoring, vulnerability assessments and penetration testing across all police internal and external networks, web and mobile applications. This is being done so as to prevent any future breach. The Telangana DGP also said that the department will initiate suitable legal actions against any person “involved in spreading wrong and misguiding information among the public besides trying to hamper the ongoing investigation process through such misinformation”.
