Mumbai: Jio hack was cyber offence, but possibly not data theft
Investigation into the alleged data theft of Reliance Jio customers has so far not revealed anything to establish if at all there was any data theft, other than the fact that a cyber offence was indeed committed
Investigation into the alleged data theft of Reliance Jio customers has so far not revealed anything to establish if at all there was any data theft, other than the fact that a cyber offence was indeed committed by obtaining illegal access to Jio's systems. Meanwhile, main accused Imran Chhimpa landed in the city on Thursday from Jaipur a little after 7.30 pm.
Prashant Burde, joint commissioner of police said, "We got the transit remand from the local court in Jaipur on Monday evening and our team is expected to return by late Thursday night. We will be probing the case from all angles to rule out any doubts."
As for establishing the data theft, a senior police officer said, "As the FIR has already been registered for data theft, along with Section 43 and 66 of the IT Act, we will have to probe the data theft angle and if we do not find anything to substantiate it, we will have to drop the data theft section during submission of chargesheet."
Cyber crime novice?
However, cops suspect Chhimpa is a novice in the world of cyber crime. "We have found out that the accused had registered himself with website magicapk.com, by paying R4,000 and had furnished his original identity, which he would not have done had he been a professional cyber criminal or if he had an ulterior motive. Furnishing his real information could also mean that he is a novice in the cyber crime world. It was these details that helped the police reach him to Rajasthan," said the officer.
As for Chhimpa, a questionnaire by the Cyber Cell of the Navi Mumbai police awaits him in the city, which he will be asked in a session with senior police officials. The senior police officer told mid-day that Chhimpa, who holds a masters degree in Computer Application, will be produced before the CBD Magistrate court on Friday afternoon, after his medical examination is done. The cops will seek his remand for questioning.
The police officer said preliminary investigation has revealed that the username and password used by Chhimpa were actually allotted to a retailer in Odisha. Reliance Jio has over 108 million subscribers all over India.
"We do not know if Chhimpa has been working alone or with associates or if he hacked into the retailer's computer. The telecom service provider has signed an agreement with the Unique Identification Authority of India (UIDAI) and they verify the credentials of the SIM card user when they visit the gallery," said the police officer.
No Aadhar, PAN leaks
"Our inquires have so far revealed that all retailers have only been provided minimal access for verifying the customer identity through UIDAI. Also, no Aadhar or PAN card details have been leaked out; but more details will come out only during the course of questioning," said a crime branch officer.
A Reliance Jio spokesperson said, "We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken."
Police's questions for Pintoo Chhimpa
>> How did you procure the username and password?
>> Since when have you been using the username and password?
>> Were you doing this at the behest of someone?
>> Did you pay or receive any money for doing this?
>> How did this idea crop up in your mind?
>> What was the intention of starting a portal?
>> Who assisted you in designing the software for your portal?
>> Have you done this before, if yes, then when and where?
Pavan Duggal, SC lawyer and cyber law expert
'The accused managed to get unauthorised access to concerned data and thereby he has committed a cyber offence, punishable under section 43 and66 of the Information Technology Act. If proven guilty, the quantum of punishment will be three years imprisonment and a fine of Rs 5 lakh."
Vijay Mukhi, cyber security expert
'It is an apt case for the police as they need not have to prove lot of things. All they need to ask the accused is how he got access to Jio when he is not an authorised user and that it establishes the offence against him. The need of the hour is to make efforts to reach the level of the rest of the world in handling cyber crime. We need a dedicated cyber court.'
D Shivanandan, former police commissioner
'Our investigations into IT offences is very backward. We need to train the sub inspector rank officials at the entry level itself. Also, the IT Act should be amended so that instead of an inspector, a sub inspector can probe such cases. The judicial academy should emphasise on regular training for judiciary officials.'
Watch Video: Python stopped from swallowing a whole deer
Download the new mid-day android app to get updates on all the latest and trending stories on the go https://goo.gl/8Xlcvr