Maharashtra police have arrested a 35-year-old computer science dropout from Rajasthan in connection with the leak of a database of Reliance Jio which has affected nearly 120 million users.
The Maharashtra police has recovered 50 SIM cards, a computer, mobile phone and other devices from the convict's house, Imran Chippa, who is a droupout of the Bachelor of Computer Science, in Churu District of Rajasthan.
"Most of the SIM cards recovered are of Reliance-Jio," Balsingh Rajput, SP (Maharashtra Cyber Cell) told PTI. He further said, "We are interrogating Imran to ascertain the purpose for which he had obtained these cards".
"During the searches at the residence of 35-year-old Chippa, we found books on hacking and related material apart from the desktop, laptop, pen drive and other devices," he said.
The investigating team said that they will get to know about the impact of the data leak only when Forensic team would analyse the computer hard disk, pen drive, and other devices seized.
"It will take some time to know Chippa's modus operandi and the number of people involved in the data leak," the official said.
He was produced in a local court in Jaipur, and was sent to custody of Cyber Police on transit remand.
The team of Maharashtra Cyber Cell, Crime Branch of Navi Mumbai Police, Vigilance and Security department officials of Reliance-Jio, are returning to Mumbai with the arrested accused Chippa tonight from Jaipur, another official said.
Chippa will be kept in custody of Navi Mumbai Police, where he will be interrogated by Maharashtra Cyber and Navi Mumbai Police team, he said.
Yesterday, the police had said that he had gained unauthorised access using some credentials into a part of the database and put them on a website, which led to widespread concerns on data security.
On reports of Chippa trying to create a 'search engine', Rajput said it is premature to say anything before a thorough investigation is carried out.
A day after the arrest of Chippa in the Reliance Jio (RJio) data breach case, the police had said it was a case of "unauthorised access" into the company's database and "not of a theft."
"It is not a theft, even though while filing the complaint they (RJio) had stated it as a theft. Now it is almost sure that he (the accused) was actually accessing the data in an unauthorised manner," Navi Mumbai Deputy Commissioner of Police Tushar Doshi told PTI.
The Rabale (Navi Mumbai) MIDC Police had on Monday registered a case against unidentified persons in connection with data theft. RJio is headquartered in the satellite city.
Doshi explained as part of its regular operations, RJio--whose subscriber base had crossed 100 million within six months of the launch--makes certain data available to its retailers which was made available through the website and the arrested person gained unauthorised access to the company's servers.
Asserting that this excludes sensitive details like Aadhaar details or PAN numbers, Doshi said one was able to get a RJio subscriber's name, email ID, SIM activation date, telecom circle and alternate number by putting the RJio number in the search command.
Reliance was one of the first operators to add customers solely on the basis of Aadhaar details as address and identity proof. Later, the government made it mandatory for all new connections to be activated against Aadhaar details.
"It is not that data is entirely visible there. You will get details only on the RJio number. There is a search engine on the website," Doshi explained.
The presence of Aadhar details, which includes biometrics, had raised concern in certain quarters after the data breach came to light over the weekend.
"It will take some time to know Chippa's modus operandi and the number of people involved in the data leak," the official said.
According to the police, a resident of Sujangarh town in Rajasthan, Chhipa owned a website Magicapk. He claimed to provide Jio user data through his website, police said.
After the police complaint was lodged in Mumbai, a team of Mumbai Police led by the Assistant Commissioner of Police Deepak Dhole reached Churu, after tracking the IP address and took Chhipa into custody.
However, Jio has said that the claims of the website were "unverified" and "unsubstantiated".
The comapany has released a statement stating that users data is safe and secure, "Prima facie, data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement."
It further said that, "informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken."
from E Hacking News - Latest Hacker News and IT Security News http://ift.tt/2v1Tm16
via IFTTT
Tags:
News
