Hawk Eye app hacker arrested by Telangana police
Hyderabad: In a significant breakthrough, the Telangana Cyber Security Bureau(TGCSB) has apprehended a hacker involved in breaching the data of the Hawk Eye application of the Police Department.
The police have arrested 20-year-old-student, Jatin Kumar from Greater Noida on Saturday. In a series of data breaches Hawk Eye application, TSCOP and SMS services of Telangana state police were allegedly hacked. Subsequently, Telangana police booked a case and started investigation.
The TGCSB investigation team hopped in on the suspect Jatin Kumar at Delhi. The team reached the national capital and arrested the hacker, who had claimed to have posted the compromised data on a public platform for a price.
Investigation revealed that the hacker had posted details of the breach on databreachforum.st, offering the compromised data for sale at $150 USD. He provided the Telegram IDs Adm1nfr1end and Adm1nfr1ends for interested buyers to contact him regarding the Hawk Eye and TSCOP data, respectively.
Despite his attempts to mask his identity, TGCSB personnel utilized social engineering techniques to track him down in Delhi. Further probe revealed that the arrested individual has a history of cybercrimes, having been previously involved in a similar case of hacking and was arrested by New Delhi police. Last year, the accused had also leaked data regarding Aadhaar cards and critical information related to other agencies.
20-yr-old student from #Delhi arrested for Hacking #HawkEye and #TSCOP applications of #TelanganaPolice.
The hacker Jatin Kumar sitting in Noida kept the Telangana police on their toes for the past few days. #CyberCrime #CyberSecurity #Hacking #Hacker #Hyderabad #Telangana pic.twitter.com/CxuPCL5vtA
— Surya Reddy (@jsuryareddy) June 9, 2024
No sensitive data is compromised
The Telangana police claimed that no sensitive/financial data of any user has been compromised. The Hawkeye mobile application only retains user information such as mobile numbers, addresses, and email IDs as part of its data repository. Prima-facie, it is suspected that because of a weak / compromised password, the intruder might have obtained access to certain segments of Hawkeye data by generating a report.
Further Telangana police rebuked the claim that TSCOP gave Data to any third party. “As far as the TSCOP is concerned, this application has been solely utilized for in-house tasks, guaranteeing no collection of confidential/financial user data. It is a fact that TSCOP does not collect any Visitor / Hotel Management Data, at all. Hence, it is absolutely incorrect to say that TSCOP pushed / gave such Data to any third party” said Telanagan police in an official statement.
In the case of the SMS server URL of the Hyderabad City Police, the intruder claims are entirely false as the URL has been defunct and unsubscribed since April 2022, with Hyderabad City Police ceasing its usage long before that.
In addition to investigating the data breach incident, we have also initiated comprehensive monitoring, vulnerability assessments and penetration testing across all police internal and external networks, web and mobile applications, as well as cloud and endpoints to identify and address any security weaknesses, so as to prevent any future breach.
“The hacker was apprehended on Saturday, and will be brought to Hyderabad on a transit remand.The probe is ongoing, with efforts to identify any additional accomplices involved in this case” said Telangana police.