Hacker involved in police data breach arrested: Telangana DGP

NewsDrum Desk
New Update

Hyderabad, Jun 9 (PTI) A hacker, who was allegedly involved in breaching the data of ‘Hawk Eye’ application of Telangana police and claimed to have posted the compromised data on a public platform for a price, has been arrested, police said on Sunday.

The Telangana Cyber Security Bureau (TGCSB) investigators travelled to Delhi, where they identified and arrested the hacker (20) on Saturday and he will be brought to Hyderabad on a transit remand, Telangana DGP Ravi Gupta said in a release.

The case was registered following the detection of a data breach involving the Hawk Eye application, with subsequent leaks concerning TSCOP (app) and SMS (police SMS service portal) services.

Upon reporting the incident, the TGCSB registered the case and, using advanced tools, unveiled the hacker's identity, who was found to have a history of cyber crimes, police said.

The hacker had posted details of the breach on databreachforum.st, offering the compromised data for sale at USD 150, the release said adding he provided the social media platform IDs for interested buyers to contact him regarding the Hawk Eye and TSCOP data, respectively.

The probe is ongoing, with efforts to identify any additional accomplices involved in this case, police said.

No sensitive/financial data of any user has been compromised, they said.

"Despite his attempts to mask his identity, TGCSB personnel utilised social engineering techniques to track him down in New Delhi," the DGP said.

The arrested accused has a history of cybercrimes, having been previously involved in a similar case of hacking and was arrested by police in New Delhi, police said.

Last year, the accused had also leaked data regarding Aadhaar cards and critical information related to other agencies, they said.

The Hyderabad Police in 2014 launched the mobile phone application (Hawk Eye) to empower members of the public, improve their security and reach out to them at the time of distress.

The Hawk Eye mobile application only retains user information such as mobile numbers, addresses, and email IDs as part of its data repository, police said.

Prima-facie, it is suspected that because of a weak /compromised password, the intruder might have obtained access to certain segments of Hawk Eye data by generating a report, police said.

As far as TSCOP is concerned, this application has been solely utilised for in-house tasks, guaranteeing no collection of confidential/financial user data, the release said.

With regard to the SMS server URL of the Hyderabad City Police, the intruder's claims are entirely false as the URL has been defunct and unsubscribed since April 2022, with Hyderabad City Police ceasing its usage long before that, police said.

The Telangana Police chief further said in addition to investigating the data breach incident, they have also initiated comprehensive monitoring, vulnerability assessments and penetration testing across all police internal and external networks, web and mobile applications, as well as cloud and endpoints to identify and address any security weaknesses, so as to prevent any future breach. PTI VVK VVK KH