Hyderabad: In an embarrassing and concerning development, massive data from the Telangana police’s network of websites and apps, including TSCOP, was hacked into and leaked online. Data security researcher Srinivas Kodali, who discovered the leak, also shockingly found that the Hyderabad police are collecting data on people checking into hotels, among other things.
The new data breach comes just a few days after it was reported that data from the Telangana police’s citizen service HawkEye application was leaked online as well.
The hacker responsible for the breach of HawkEye is believed to be behind this security breach of TSCOP. This is the third data leak in a week after the Telangana police SMS service portal and HawkEye data leaks.
A preview of the data was shared on BreachForums, a platform where stolen data is sold to cyber criminals. Sensitive details of criminal records, and various law enforcement details, including names, ranks and images of police officials are up for sale on the platform.
The HawkEye data leaked also comprises SOS calls from women, names, emails, phone numbers, locations and other sensitive information of over 2,00,000 users. Reports suggest that a case has been registered with the Telangana State Cyber Security Bureau and an investigation is underway.
The data leak also reflects that Aadhaar data collected by the government of Telangana under a household survey was illegally shared with the Telangana Police, which also has been leaked online.
“Anyone who breached the data of TSCOP can get access to the entire 360-degree profile of anyone in Telangana,” said Kodali.
The TSCOP is the most criticised feature of the Telangana government, which uses facial recognition to detect criminals. The facial recognition software is linked to the mobile app that allows police officers to check the faces of criminals, unidentified bodies or missing persons from anywhere in the criminal database.
These systems, including the HawkEye app, a brainchild of former Telangana director general of police (DGP) Mahender Reddy, were launched in 2018. It was created for internal use by the Telangana police. These apps and systems were also a measure to digitise India as part of the Crime and Criminal Tracking Network & Systems, managed by the National Crime Record Bureau (NCRB).
“Police have powers of surveillance and they have been forcing it on us. And now they have sacrificed the safety of citizens,” added Srinivas Kodali.
All data that is recorded by the Telangana police, including footage from CCTV cameras, is monitored and managed at the Police Command and Control Centre in Banjara Hills, Rd No 12, with walls eighty feet tall, heavy security and a weak privacy and encryption network.
The website of the software company, WINC IT Services, which developed this network is now defunct. “The company embedded passwords as plain text inside the TSCOP app, which also connects to the Crime and Criminal Tracking Network & Systems (CCTNS),” said Kodali.