Books on hacking, along with other computer hardware have been seized from the possession of Imran Chippa, a computer science drop out, arrested in connection with unauthorised access to Reliance Jio’s database, Maharashtra Police said.
“During the searches at the residence of 35-year-old Chippa, we found books on hacking and related material apart from the desktop, laptop, pen drive and other devices,” Balsingh Rajput, Superintendent of Police, Maharashtra Cyber Cell, told PTI. “We will interrogate him about possible hacking on Internet in connection with the data leak case,” he said.
The team of Maharashtra Cyber Cell, Crime Branch of Navi Mumbai Police, Vigilance and Security department officials of Reliance-Jio, are returning to Mumbai with the arrested accused Chippa tonight from Jaipur, another official said.
Chippa will be kept in custody of Navi Mumbai Police, where he will be interrogated by Maharashtra Cyber and Navi Mumbai Police team, he said. The police had said that he had gained unauthorised access using some credentials into a part of the database and put them on a website, which led to widespread concerns on data security.
On reports of Chippa trying to create a ‘search engine’, Rajput said it is premature to say anything before a thorough investigation is carried out. A day after the arrest of Chippa in the Reliance Jio (RJio) data breach case, the police had said it was a case of “unauthorised access” into the company’s database and “not of a theft.”
“It is not a theft, even though while filing the complaint they (RJio) had stated it as a theft. Now it is almost sure that he (the accused) was actually accessing the data in an unauthorised manner,” Navi Mumbai Deputy Commissioner of Police Tushar Doshi told PTI.
The Rabale (Navi Mumbai) MIDC Police had on Monday registered a case against unidentified persons in connection with data theft. RJio is headquartered in the satellite city. Doshi explained as part of its regular operations, RJio–whose subscriber base had crossed 100 million within six months of the launch–makes certain data available to its retailers which was made available through the website and the arrested person gained unauthorised access to the company’s servers.
Asserting that this excludes sensitive details like Aadhaar details or PAN numbers, Doshi said one was able to get a RJio subscriber’s name, email ID, SIM activation date, telecom circle and alternate number by putting the RJio number in the search command.
Reliance was one of the first operators to add customers solely on the basis of Aadhaar details as address and identity proof. Later, the government made it mandatory for all new connections to be activated against Aadhaar details.
“It is not that data is entirely visible there. You will get details only on the RJio number. There is a search engine on the website,” Doshi explained. The presence of Aadhaar details, which includes biometrics, had raised concern in certain quarters after the data breach came to light over the weekend. “It will take some time to know Chippa’s modus operandi and the number of people involved in the data leak,” the official said.
A resident of Sujangarh town in Rajasthan, Chippa had made the website Magicapk. He claimed to provide Jio user data through his website, police said. In a statement on late Sunday evening, the company had said claims of the website were “unverified” and “unsubstantiated”.
“Prima facie, data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement,” it had said.
Jio further said it has “informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken”. After the police complaint was lodged, the Mumbai Police reached Churu after tracking the IP address and took Chippa into custody on Tuesday evening.
Following the data leak, the domain of the website has been suspended. An analysis by the Maharashtra Cyber Police headed by IG Brijesh Singh led investigators to zero in on the location from where the suspected data breach had happened, he said.