Police Arrest Reliance Jio “Hacker” in Under 24 Hours
In early July, a hacker leaked the data of Reliance Jio customers through a clearnet website. The site revealed a subscriber’s name, subscription date, and account email address. Reliance, however, denied that any breach had occurred. Internet users then spotted an Alphabay vendor selling info on 120 million users of a “large Indian telecommunications company.” After Reliance denied that anyone had compromised customer data, police arrested a hacker for doing just that.
Reliance Jio, in spite of numerous complaints from users who had validated their information on the hacker’s website, called the claims “unsubstantiated.” The Alphabay post never mentioned the telecom company by name, but Reliance Jio fit the description and had roughly 120 million subscribers.
An examination of the breach timeline revealed something odd and largely unreported by the media. Customers reported a data breach in July, shortly after a hacker created “magicapk.com.” The site allowed users to enter their Jio number and, in return, receive their personal subscriber information and potentially their Aadhaar number. The hacker, imranchimpa, posted a link to the website on July 5.
Media outlets, after the discovery of magicapk.com, discovered an Alphabay forum post advertising data of 120 million subscribers. The post, however, was dated March 8, 2017. On July 5, someone uploaded a photo of a screenshot of that Alphabay forum post to Imgur. That “someone” was the same as the poster of the Jio database: the OP and the username of the signed-in user who took the screenshot matched.
Many users confirmed the magicapk.com database with their Jio number. Reddit users in India posted several threads in /r/India wherein Jio subscribers posted confirmations, including some who had registered Jio accounts within a week of magicapk.com. The Alphabay database, while seemingly posted by the same user, could not possibly contain Jio subscribers who had joined after the date of the database theft. This led to the belief that the leak was the work of an insider who had access to Jio servers.
Nevertheless, Jio denied a breach:
“We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”
Jio’s complaint over the “unauthentic” data came to a head when Maharashtra Cyber police arrested a 24-year-old from Rajasthan. They charged him in connection with the breach. The suspect, Imran Chhimpa (aka imranchimpa from the clearnet forum post), was arrested not even 24 hours after the police began the investigation. They simply traced his IP address, which was his home IP address. “The accused had not made attempts to hide the digital trail or mask the server he was using. He was working out of his home,” an officer said.
Police said he had stolen the credentials to a Jio billing application from a Jio retailer. The app allowed the user to access the entire Jio database. “At home, the accused designed software [that he used to] transfer data he had obtained from the application on to [magicapk.com],” the officer explained.
“His plan was to create a search engine comprising numbers of cellphone users of all telecom firms,” the superintendent said. “But he had not figured how to acquire data from other firms.”
The non-hacker obtained every Jio subscriber’s data with stolen retail credentials. And that data included, for some customers, the controversial Aadhaar identification number. The responses are currently mixed. Some commenters joked about the search engine notion; some expressed surprise that a simple retailer had complete access; and others simply spoke unfavorably of the push to implement Aadhaar numbers as a digital identity (a data vulnerability on its own), especially with current UIDAI database leaks.