In the first part of our series, we disclosed how an exclusive report by The Cyber Express played a pivotal role in the arrest of the hacker responsible for the Hawk Eye app data breach in India.
In this second article, we highlight the methods employed by the police to track down the hacker, explore his motives, and discuss the future direction of the investigation.
Hawk Eye App Data Breach: Who is the hacker?
The breach of the Hawk Eye App, a crime reporting forum for citizens in the Indian state of Telangana, was unearthed after a threat actor, who goes by the name “Adm1nFr1end”, offered the personal data of over 200,000 citizens for sale on the BreachForums online hacker site. The hacker shared sample data containing names, email addresses, phone numbers, physical addresses, and location coordinates.
Soon after The Cyber Express reported the incident on May 31, the Telangana Police registered a suo moto case just days later on June 4. In its First Information Report (FIR), a written document prepared by the police in India to detail a cognizable offense, the cops in Telangana acknowledged The Cyber Express report and confirmed that the app had been breached.
Meanwhile, the hacker “Adm1nFr1end” continued his spree of cyberattacks and on June 5, breached another app of the Telangana Police called TSCOP which had data of police officers, criminals and gun license holders.
The police quickly got into the act and a team of investigators from the Telangana Cyber Security Bureau (TG-CSB) tracked down the accused hacker in Greater Noida, a prominent suburb close to the nation’s capital, New Delhi.
The accused was identified as Jatin Kumar, a 20-year-old undergraduate student pursuing BCA (Bachelor of Computer Applications).
Hacker Planned Cyberattacks on More Indian Cities
An investigating officer from the Telangana Police, who did not wish to be named, told The Cyber Express that, “Accused Jatin had initiated comprehensive monitoring and vulnerability assessment & penetration testing (VAPT) not only from the Telangana Police but also gained access to police data in the external and internal storage networks and mobile apps in Delhi, Mumbai and other metro cities. He planned to carry out cyberattacks on those cities as well.
“As far as Telangana police data is concerned, prima facie, it looks like the accused gained access to certain data on Hawk Eye app due to weak or compromised password. Despite his best efforts to mask his identity, we tracked him down,” the police source stated.
Without revealing much, the source in the Telangana Police said that the TG-CSB traced him by “running a parallel operation using advanced software and social engineering techniques.”
The police added that Jatin used a fake identity and conducted transactions in cryptocurrency using multiple addresses.
Investigation revealed that the accused had reportedly been into hacking since 2019 and had saved the breached data in his system. Jatin had a history of alleged cybercrimes and was previously arrested in 2023 in New Delhi for leaking data on Aadhar (a biometric identity card for Indian citizens) and sensitive data related to other agencies. However, a chargesheet has yet to be filed against him.
Hawk Eye App Data Breach: A Larger Network of Hackers?
Despite the arrest of Jatin, the police are now investigating the possible involvement of a larger network of hackers.
“Jatin had posted the breached data on BreachForums and was selling it for $150 USD. He then asked interested buyers to contact him through Telegram IDs ‘Adm1nfr1end’ and ‘Adm1nfr1ends’ to purchase the data for HawkEye and TSCOP apps. But we are not sure if he is the only culprit. We are now probing if the app data was sold and if so, are tracking down the purchasers through data from crypto wallets,” the police official told The Cyber Express.
The Telangana Police are still currently in New Delhi and are completing the paperwork to bring the accused on a transit remand to Hyderabad (the capital of Telangana) for custody and further investigation.
