In the first part of our series, we disclosed how an exclusive report by The Cyber Express played a pivotal role in the arrest of the hacker responsible for the Hawk Eye app data breach in India. In this second article, we highlight the methods employed by the police to track down the hacker, explore his motives, and discuss the future direction of the investigation.

Hawk Eye App Data Breach: Who is the hacker?

The breach of the Hawk Eye App, a crime reporting forum for citizens in the Indian state of Telangana, was unearthed after a threat actor, who goes by the name “Adm1nFr1end”, offered the personal data of over 200,000 citizens for sale on the BreachForums online hacker site. The hacker shared sample data containing names, email addresses, phone numbers, physical addresses, and location coordinates. Soon after The Cyber Express reported the incident on May 31, the Telangana Police registered a suo moto case just days later on June 4. In its First Information Report (FIR), a written document prepared by the police in India to detail a cognizable offense, the cops in Telangana acknowledged The Cyber Express report and confirmed that the app had been breached.  Meanwhile, the hacker “Adm1nFr1end” continued his spree of cyberattacks and on June 5, breached another app of the Telangana Police called TSCOP which had data of police officers, criminals and gun license holders. The police quickly got into the act and a team of investigators from the Telangana Cyber Security Bureau (TG-CSB) tracked down the accused hacker in Greater Noida, a prominent suburb close to the nation’s capital, New Delhi.  The accused was identified as Jatin Kumar, a 20-year-old undergraduate student pursuing BCA (Bachelor of Computer Applications). 

Hacker Planned Cyberattacks on More Indian Cities

An investigating officer from the Telangana Police, who did not wish to be named, told The Cyber Express that, “Accused Jatin had initiated comprehensive monitoring and vulnerability assessment & penetration testing (VAPT) not only from the Telangana Police but also gained access to police data in the external and internal storage networks and mobile apps in Delhi, Mumbai and other metro cities. He planned to carry out cyberattacks on those cities as well.  “As far as Telangana police data is concerned, prima facie, it looks like the accused gained access to certain data on Hawk Eye app due to weak or compromised password. Despite his best efforts to mask his identity, we tracked him down,” the police source stated.  Without revealing much, the source in the Telangana Police said that the TG-CSB traced him by “running a parallel operation using advanced software and social engineering techniques.”  The police added that Jatin used a fake identity and conducted transactions in cryptocurrency using multiple addresses.  Investigation revealed that the accused had reportedly been into hacking since 2019 and had saved the breached data in his system. Jatin had a history of alleged cybercrimes and was previously arrested in 2023 in New Delhi for leaking data on Aadhar (a biometric identity card for Indian citizens) and sensitive data related to other agencies. However, a chargesheet has yet to be filed against him.  Hawk Eye App Data Breach: A Larger Network of Hackers? Despite the arrest of Jatin, the police are now investigating the possible involvement of a larger network of hackers.  “Jatin had posted the breached data on BreachForums and was selling it for $150 USD. He then asked interested buyers to contact him through Telegram IDs ‘Adm1nfr1end’ and ‘Adm1nfr1ends’ to purchase the data for HawkEye and TSCOP apps. But we are not sure if he is the only culprit. We are now probing if the app data was sold and if so, are tracking down the purchasers through data from crypto wallets,” the police official told The Cyber Express.  The Telangana Police are still currently in New Delhi and are completing the paperwork to bring the accused on a transit remand to Hyderabad (the capital of Telangana) for custody and further investigation.

In a massive breakthrough, an exclusive news report published by The Cyber Express has led to the arrest of a hacker who threatened to sell sensitive data of 200,000 citizens in Telangana State in India. The Hawk Eye App Data Breach was reported by The Cyber Express on May 31, 2024, which stated how a hacker claimed to reveal personal information of users of Hawk Eye, a popular citizen-friendly app of the Telangana State police. [caption id="attachment_73712" align="alignnone" width="720"] Source: Hawk Eye App on Android[/caption] The Telangana Police further acknowledged that the news report on The Cyber Express gave them crucial leads that led to the arrest of the hacker. In the First Information Report (FIR), a written document prepared by the police in India to detail a cognizable offence, the Telangana Police revealed that it was based exclusively on this report by The Cyber Express, that they were also able to verify the data breach on the Hawk Eye app.

Background of Hawk Eye App Data Breach

The Hawk Eye App was launched by the Telangana Police in December 2014 for both Android and iPhone users as part of its initiative to become a citizen-friendly and responsive police force. Denizens were encouraged to use the app to report on a wide range of activities, including traffic violations, passing on information about criminals, violations by police, and crime against women, and also to pass on suggestions to the lawmen for improved policing and to credit the good work done by them. A key feature of the app is the SOS button for accessing help in case of emergencies. On May 29, 2024, a threat actor, who goes by the name “Adm1nFr1end”, revealed that he had breached the Hawk Eye app. He shared that the stolen database had sensitive data of over 200,000 citizens, including their Personally Identifiable Information (PII), names, email addresses, phone numbers, physical addresses, IMEI numbers, and location coordinates. The threat actor had posted samples of the data breach on hacking website BreachForums and was selling this compromised data for USD $150. [caption id="attachment_73714" align="alignnone" width="1123"] Source: X[/caption]

Arrest of Hawk Eye App Data Breach Hacker

In the aftermath of the news report published on this website, the Telangana Police registered a suo moto case on June 4. “We have registered a case and are investigating the hacking allegations and suspected data breach,” said Telangana Cyber Security Bureau (TGCSB) Director Shikha Goel. On June 9, the Telangana Police reported that its Cyber Security Bureau has apprehended a hacker involved in the Hawk Eye app data breach. “Acting swiftly, the TGCSB investigators travelled to Delhi, where they identified and arrested the hacker, who had claimed to have posted the compromised data on a public platform for a price,” the police said in a statement. Sharing details of the arrest, Director General of Police of Telangana Police, Ravi Gupta, who is the top cop of the state, said that the police had used advanced tools to successfully unveil the hacker's identity. He, however, refrained from elaborating on the techniques used to arrest the hacker to ensure secrecy. “The hacker had posted details of the breach on databreachforum.st, offering the compromised data for sale at $150 USD. He provided the Telegram IDs “Adm1nfr1end” and “Adm1nfr1ends” for interested buyers to contact him regarding the Hawk Eye data,” Ravi said. The alleged hacker was identified as Jatin Kumar, a 20-year-old student and a resident of Greater Noida, a prominent suburb in Delhi's National Capital Region. The police also shared that he was arrested earlier in a case for cybersecurity fraud. (This is Part 1 of the article. Click here to learn more about the hacker, why he was selling the data and how the police tracked him down)