Skip to content

Delhi-based hacker arrested for breaching Telangana police’s Hawk Eye app

  • by
  • 3 min read

Following breaches of the Hawk Eye and TSCOP apps used by the Telangana police, the Telangana Cyber Security Bureau (TGSCB) has arrested a 20-year-old Delhi-based hacker, Jatin Kumar. A team travelled from Telangana to Delhi, arresting the accused on July 8.

The hacker reportedly has a history of cybercrime, being arrested by the Special Cell of Delhi’s Dwaraka Police in connection with a data leak involving Aadhaar cards and other sensitive information related to government agencies, according to DGP Ravi Kumar.

The TGCSB used “social engineering techniques” to track down the hacker, despite Kumar’s attempts to hide his identity. He’s also suspected of hacking the TSCOP app, posting the data extracted from both apps for sale on a cybercrime forum for a mere $150. The suspect also provided Telegram IDs, namely, Adm1nfr1end and Adm1nfr1ends, for interested buyers to get in touch.

The investigation is ongoing, with TGCSB director Shikha Goel informing The New Indian Express that the accused claimed to have shared the compromised data and asked for payment via crypto wallets. The police are currently investigating whether or not the data was sold, and if it was, details of the sale will be collected from the crypto wallets.

The breach in question stems from the Hawk Eye app’s SOS button feature, which was used to report crimes or request police help. The stolen database reportedly contains 130,000 SOS records, 70,000 incident reports, and 20,000 travel detail records, in addition to the TSCOP app, which stores criminals’ fingerprint and facial data.

It was reported that the Personally Identifiable Information (PII) of Hawk-Eye users, including names, email addresses, phone numbers, physical addresses, IMEI numbers, phone numbers, and even location coordinates, was leaked in the breach. However, the police claim that no sensitive or financial data of any user has been compromised.

In a press note reviewed by Medianama, the Director General Police (DGP) of Telangana, Ravi Gupta, clarified that the TSCOP was “solely utilised for in-house tasks, guaranteeing no collection of confidential/financial user data.” This comes in response to allegations that Telangana police were collecting details of people checking in at Hyderabad hotels and sharing that information with a US-based blockchain company named Zebichain.

It turns out the company does collect hotel management data and ran a pilot program with Telangana police in 2019, where such data was shared. However, the program reportedly never materialised.

In the News: 170 personal photos of Brazilian children exploited for AI training: Research

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>