Hyderabad: Hacker involved in Hawk Eye app data breach held

The police said that the arrested individual has a history of cybercrimes, having been previously involved in a similar case of hacking

By Newsmeter Network | Published on 9 Jun 2024 2:30 PM GMT

Hyderabad: In a significant breakthrough, the Telangana Cyber Security Bureau (TGCSB) has apprehended a hacker involved in the breach of the police department’s Hawk Eye application data.

Case details

A criminal case was registered following the detection of a data breach involving the Hawk Eye application, with subsequent leaks concerning TSCOP and SMS services. Acting swiftly, the TGCSB investigators travelled to Delhi, where they identified and arrested the hacker, who had claimed to have posted the compromised data on a public platform for a price.

Once the incident was reported, the TGCSB immediately registered the case and, using advanced tools, uncovered the hacker’s identity. The hacker had posted details of the breach on databreachforum.st, offering the compromised data for sale at 150 USD. He provided the Telegram IDs ‘Adminfrlend’ and ‘Adminfrlends’ for interested buyers to contact him regarding the Hawk Eye and TSCOP data, respectively.

Despite his attempts to mask his identity, TGCSB personnel utilised social engineering techniques to track him down in Delhi. The hacker was apprehended on Saturday and will be brought to Hyderabad on a transit remand.

Suspect had leaked Aadhaar data too

The police said that the arrested individual has a history of cybercrimes: he was previously involved in a similar case of hacking and was arrested by the Special Cell, Dwaraka Police Station, New Delhi.

Last year, the accused had also leaked data regarding Aadhaar cards and critical information related to other agencies. The probe is ongoing, with efforts to identify any additional accomplices involved in this case.

‘No sensitive data leaked’

Regarding the current data leak, the police assured the public that no sensitive/financial data of any Hawk Eye user was compromised.

“The Hawk Eye mobile application only retains user information such as mobile numbers, addresses, and email IDs as part of its data repository. Prima-facie, it is suspected that because of a weak/compromised password, the intruder might have obtained access to certain segments of Hawkeye data by generating a report,” the police said.

“As far as the TSCOP is concerned, this application has been solely utilised for in-house tasks, guaranteeing no collection of confidential/financial user data. It is a fact that TSCOP does not collect any visitor/hotel management data, at all. Hence, it is absolutely incorrect to say that TSCOP gave such data to any third party. Therefore, certain related media reports are wrong,” Telangana DGP Ravi Gupta said in a public notice.

Regarding the ‘SMS server URL’ of the Hyderabad City Police, the police said that the claims of the intruder are entirely false as the ‘URL has been defunct and unsubscribed since April 2022, with Hyderabad police ceasing its usage long before that.’

‘Checking all policing platforms for vulnerabilities’

The police said that they have extended the investigation through comprehensive monitoring, vulnerability assessments and penetration testing across all police internal and external networks, web and mobile applications, as well as cloud and endpoints to identify and address any security weaknesses, so as to prevent any future breach.

The department will initiate suitable legal action against any person involved in spreading wrong and misleading information among the public, as well as trying to hamper the ongoing investigation through such misinformation.
