Cops suspect that the man may be involved in numerous data theft cases, and had set a target of making many crores via data theft.
Central Crime Branch (CCB) officials have said that the 25-year-old hacker who was arrested in Bengaluru on Wednesday for helping drug peddlers in the city procure drugs through the darknet has revealed his modus operandi. The CCB was led to the techie, Sri Krishna alias Sreeki, when they were interrogating eight persons in the Bengaluru drugs case, including Darshan Lamani, the son of former Congress minister Rudrappa Lamani, who was arrested recently. Darshan Lamani was arrested for sheltering and hosting two of his friends who turned out to be drug peddlers in Goa.
Sri Krishna allegedly hacked into gaming platforms and stole points, which were used to procure bitcoins. He used the cryptocurrency to buy drugs from the dark web, according to the police. Police said that he procured the drugs on instructions from another accused in the case, Suneesh Hegde, a construction company owner in Bengaluru. Following his arrest, the CCB has now uncovered his alleged involvement in multiple cyber crimes involving data theft, as well as his modus operandi.
The police say Sri Krishna used online gaming platforms with chat boxes to communicate with buyers of data, but most times he allegedly walked up to people on the road and asked them if he could use their phone as he had lost his. “He would tell them he had to get in touch with someone urgently and download Wickr app on the stranger’s phone.” Wickr is an encrypted messaging app, which also has a ‘burn-on-read’ setting, where the recipient will have access to the message only for a limited time after receiving it.
“He would communicate with whoever necessary (referring to buyers of data) and leave. In the Wickr app, he would use the setting where the message would get deleted a few seconds after it was received by the person on the other end,” the CCB source said.
Police said that Sri Krishna was friends with an accused person in the drug case — a construction company owner named Suneesh Hegde. “Suneesh Hegde treated Sreeki like a son. They would both extort money from private companies after stealing data. If the companies did not pay them, they would end up selling the data to a third party. We are still getting names of all the companies websites Sreeki hacked into,” the CCB source added.
CCB officials said that the hacker used a wireless auditing platform to hack into WiFi servers of private companies and government agencies, where he stole data and sold it for money. “He began explaining to us how he did it and we realised that he is a very talented hacker,” a CCB source said.
Police said that he allegedly used Hak5’s WiFi Pineapple device as a rogue access point to conduct man-in-the-middle (MitM) attacks. Hak5’s WiFi Pineapple is a device which is used by network security administrators to detect whether systems have been compromised. It can also be used as a rogue access point by black hat hackers. One example of a MitM attack is active eavesdropping, in which the attacker is able to listen in on communication between two parties online without being detected.
Sri Krishna would allegedly take the device within range of a certain WiFi network and use wireless hacking tools to obtain the passwords of the said WiFi servers.
Once he had the passwords, he would be able to access the usernames and passwords of people who used the said WiFi network, as he would be able to mirror their online activities on his laptop. CCB sources said that Sri Krishna allegedly stole credit card data from a private company and sold it to an Australian national.
“He had a target to make a certain amount of through data theft. We suspect that so far he has made Rs 18 crore by selling data to third parties on the dark web,” the police said.
Sri Krishna did not have a mobile phone. When the CCB questioned him about his cellphone, Sri Krishna allegedly laughed and told the police that “no good hacker would make the mistake of using a cellphone”, the CCB source said.