A 24-YEAR-OLD man from Rajasthan, who was arrested on Tuesday for allegedly posting customer data of telecom firm Reliance Jio on a website, planned to create a search engine by compiling data from all cellular service providers in the country, police have claimed.
The accused, Imran Chhimpa from Churu town, holds a Masters in Computer Application and was placed under arrest after the Maharashtra Cyber Department traced the Internet Protocol address of the website on which he had allegedly uploaded Jio’s customer data.
“The accused had not made attempts to hide the digital trail or mask the server he was using. He was working out of his home,” said a senior police officer.
Chhimpa has been booked by Navi Mumbai Police for theft and introducing a virus into Jio’s computer system. Police said he acquired the user name and password of a Jio retailer and used it to access a mobile application using which retailers make recharges for customers. The application gives retailers access to the firm’s database, said police.
“At home, the accused designed a software, which he used to transfer the data he had obtained from the application on to the website,” said the officer.
However, Chhimpa gained access only to names, phone numbers and e-mail addresses of customers and designed the website in such a way that visitors could search for names or phone numbers of Jio’s 120 million customers.
“To operate the search engine, you would have to know either the name or phone number of a customer. And the most you could learn from search results was the region in which the customer’s phone was active,” said the officer.
“His plan was to create a search engine comprising numbers of cellphone users of all telecom firms. But he had not figured how to acquire data from other firms,” said the officer.
Police are now probing what software Chhimpa used to transfer the data from Jio. He will be brought to Navi Mumbai on Thursday after the police get transit remand from a court in Churu.
On July 9, when the leak became public, a Jio spokesperson said the data uploaded on the website appeared to be “unauthentic” and that the company had informed law enforcement agencies.
“We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken,” the spokesperson had said.