THE 24-YEAR-OLD Rajasthan-based man arrested by the Navi Mumbai police Tuesday for allegedly posting customer data of telecom firm Reliance Jio on a website had purchased the web space from a Goregaon-based web hosting company for around Rs 2,500, police probe has revealed. Imran Chhimpa from Churu town in Rajasthan, had allegedly purchased the website in May this year and made the payment via his own debit card.
He also used his own computer to set up the website, based on which he was eventually arrested. As per cyber cell officers, cyber criminals normally pay via bitcoins and use proxy servers in similar cases of security breach, to remain below the radar.
An officer associated with the probe said, “The website ‘magicapk’ was set up by Chhimpa in May when he purchased space from a Goregaon-based web hosting company. He paid the Rs 2,500 fee for it using his own debit card. The entire transaction was carried out by him using his own computer. The company of course did not know the kind of data he was going to put up on the website.”
According to the police, in cases of online data breach, cyber criminals normally carry out their activity in such a way that the crime is not traced back to them. “In such situations, cyber criminals normally use proxy servers so that the online footprint is not traced back to them.
In our experience, most of them make payments in bitcoins, which again cannot be traced back to the person making the payment,” said an officer.
The police have learnt that Chhimpa wanted to get access to data of other networking service providers too, besides Jio. He was, according to the police, interested in creating a database of telephone numbers in a way that would help anyone to get access to details of others. A senior officer said, “This is what we know so far. He is still in transit remand and should reach Navi Mumbai by Thursday night. Once we interrogate him some more, we will get some more clarity on his motives.”
Chhimpa has been booked by the Navi Mumbai police for theft and introducing a virus into Jio’s computer system. Police said he acquired the user name and password of a Jio retailer and used it to access a mobile application using which retailers make recharges for customers.
The application gives retailers access to the firm’s database. However, Chhimpa gained access only to names, phone numbers and e-mail addresses of customers and designed the website in such a way that visitors could search for names or phone numbers of Jio’s 120 million customers.
On July 9, when the leak became public, a Jio spokesperson had said the data uploaded on the website appeared to be “unauthentic” and that the company had informed law enforcement agencies.
“We have come across the unverified and unsubstantiated claims of the website and are investigating it,” the spokesperson had said.