Embezzlement Of Telephonic Minutes A Case Study On Data Theft By Hacking


NET4INDIA Case: The present case pertains to the online theft, by one of the complainant company's employees, of prepaid internet telephony minutes belonging to the company and maintained on its server. The said employee gained unauthorised access to the server containing the PINs of the internet telephony minutes; access to it was restricted by password and was available to only a few key employees. The unauthorised access was noticed from unknown IP (Internet Protocol) addresses, which the offender used to make the access.


The brief facts of the case:

The company N4India Ltd. (N4India) is engaged in providing a range of internet-related services, including internet telephony and voice over IP network services. It markets its internet telephony services under the brand name "Phonewala.com".

Track Online Net India (P) Ltd. is the US arm of N4India, which buys bulk internet telephony minutes from US companies such as Net2phone, Go2Call etc. The Internet Telephone Minutes (TM) are sold in India as (1) Cash Calling Cards and (2) Online Cash Cards. The PIN numbers of the TM are kept online on the server of Net2Phone USA (the vendor), under its control, with access restricted by passwords to key employees of N4I.

The management noticed the theft of internet telephony minutes, which was most surprising, as access to the server was restricted by a password that was available to only a few key employees. Prepaid internet telephony cards belonging to N4I, but not sold by Net4India, were available in the market at cheaper rates, causing it huge revenue loss.

How the culprit was caught: Obviously, it appeared to be the handiwork of some insider. The investigating agency advised the company to change the password and give access to a few select key employees. The idea was to trap the person who was making unauthorised access to the Net2phone server, where the PINs of the internet telephony minutes belonging to Net4India were stored. The intruder making unauthorised access would surely leave behind a footprint in the form of an IP address. As predicted, failed unauthorised access was noticed at the web application on the server of the US company Net2Phone from a specific set of IP addresses.

IP addresses captured by the web application

Net2Phone's application recorded failed/successful logins from the IP addresses shown below:

Table A:

IP Address       Date        Time      Event
221.134.63.151   19/08/2005  02.00 AM  Incorrect Password
221.134.63.151   19/08/2005  02.04 AM  Incorrect Password
221.134.63.151   19/08/2005  02.07 AM  Incorrect Password
221.134.63.8     20/08/2005  00.30 AM  Login Success
221.134.63.8     20/08/2005  00.36 AM  Login Success

Thus, someone was trying to make unauthorised access to the web application.

Who is the intruder?

It was noticed that an engineer of N4India had accessed his email ID harish.s@n4i.net during the same time (as per IST) from the same IP addresses as above. Thus, he was the culprit, and he was mousetrapped.

The log details of the email ID of Mr. Harish were obtained from the ISP:

Table B:

IP address       Date      Time      Event
202.71.133.12    18/08/05  06.10 PM  IP belongs to N4I
221.134.63.151   19/08/05  01.57 AM  User ID: Harish.s@n4i.net; Machine ID: 10.251.132.151; Franchise Details: B1-43, Near East End Apartments, New Ashok Nagar
202.71.133.12    19/08/05  06.45 PM  IP belongs to N4I
221.134.63.8     20/08/05  00.28 AM  User ID: Harish.s@n4i.net; Machine ID: 10.251.132.151; Franchise Details: B1-43, Near East End Apartments, New Ashok Nagar

A comparative analysis of Table A vis-à-vis Table B was made, which revealed the following:

  • Harish made unauthorised access to the web application, but he failed.
  • Harish made unauthorised entry to the corporate office of N4I at Noida.
  • He accessed his email account unauthorisedly from the network of one colleague.
  • He collected the updated authentication details and sent them from his official mail harish.s@n4i.net to his personal e-mail account.
  • After this he returned home and tried to access the Net2phone application, but his login failed.
  • He again came to the corporate office and managed to get the appropriate password from the computer at the corporate office.
  • He returned home, accessed his email account and made a successful login to the Net2Phone application.

Accused persons arrested: The accused Harish was arrested. He confessed his involvement. He had emailed the unauthorised PIN numbers to his fictitious email IDs. The PINs and passwords were kept in these emails and forwarded to various buyers. He disclosed the names of the buyers; one such buyer was Mukesh Jindal of Chandigarh. Mukesh Jindal was arrested, and he accepted that he had purchased TM from Harish and received the same at his personal email ID. The details of the email ID of Mukesh Jindal collected from Rediffmail reveal that the said ID was being used by the accused Mukesh Jindal.

Collection of electronic evidence:

  • The fake e-mail ID of Harish, containing PINs and passwords to various TM cash cards, was accessed. The data was seized.
  • One hard disk of the computer belonging to Harish was seized from his residence:
      - Image copy prepared and hash value generated.
      - Seizure memo prepared.
  • The laptop used by Mukesh Jindal, containing the email records, was seized from him:
      - Image copy prepared and hash value generated.
      - Seizure memo prepared.
  • The mirror image copies of the hard disks were analysed and contained incriminating evidence.
  • The accused persons had accessed their personal email IDs; the misappropriated PINs were found.

Other connecting evidence collected:

  • The bank account statements of the banks through which money pertaining to the misappropriated data changed hands.
  • The entry register record establishing the entry of Harish at the corporate office.
  • Statement of officials of N4I u/s 161 Cr.P.C.

Conclusion of the case: The aforesaid mirror image copy and the hard drive were sent to the FSL for a forensic report. The forensic report was received, corroborating the above facts and thus connecting the accused persons to the crime. A charge sheet against the accused person has been filed in the court, and the verdict of the court is awaited.

Neeraj Aarora (Advocate)
http://www.neerajaarora.com/
Original article: http://www.neerajaarora.com/embezzlement-of-telephonic-minutes-a-case-study-on-data-theft-by-hacking/
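The comparison of Table A with Table B in the article amounts to joining two log sources on source IP within a time window. The following is an added example, not part of the original article or the investigation's tooling; the 15-minute window, the function names and the control row are assumptions, and both tables are taken to be in IST as the article states.

```python
from datetime import datetime, timedelta

# Rows transcribed from the article's Table A (Net2Phone application log).
TABLE_A = [
    ("221.134.63.151", "19/08/2005", "02.00 AM", "Incorrect Password"),
    ("221.134.63.151", "19/08/2005", "02.04 AM", "Incorrect Password"),
    ("221.134.63.151", "19/08/2005", "02.07 AM", "Incorrect Password"),
    ("221.134.63.8", "20/08/2005", "00.30 AM", "Login Success"),
    ("221.134.63.8", "20/08/2005", "00.36 AM", "Login Success"),
]
# Rows from Table B (ISP e-mail log); last field is the identity the ISP recorded.
TABLE_B = [
    ("202.71.133.12", "18/08/05", "06.10 PM", "IP belongs to N4I"),
    ("221.134.63.151", "19/08/05", "01.57 AM", "Harish.s@n4i.net"),
    ("202.71.133.12", "19/08/05", "06.45 PM", "IP belongs to N4I"),
    ("221.134.63.8", "20/08/05", "00.28 AM", "Harish.s@n4i.net"),
]
# Constructed control row (not from the article): an IP with no mail session.
CONTROL = [("192.0.2.10", "20/08/2005", "00.31 AM", "Login Success")]


def parse_ts(date, clock):
    """Parse 'dd/mm/yy[yy]' and 'hh.mm AM/PM' as used in both tables."""
    day, month, year = (int(p) for p in date.split("/"))
    hhmm, meridiem = clock.split()
    hour, minute = (int(p) for p in hhmm.split("."))
    if meridiem == "PM" and hour < 12:
        hour += 12
    elif meridiem == "AM" and hour == 12:
        hour = 0  # 12.xx AM is midnight; the tables' '00.30 AM' is already 00:30
    return datetime(year + 2000 if year < 100 else year, month, day, hour, minute)


def correlate(app_log, mail_log, window=timedelta(minutes=15)):
    """Attribute each application event to the mail session seen on the same
    IP closest in time, provided it lies within `window`; otherwise None."""
    sessions = [(ip, parse_ts(d, t), who) for ip, d, t, who in mail_log]
    results = []
    for ip, d, t, event in app_log:
        when = parse_ts(d, t)
        near = [(abs(when - seen), who) for sip, seen, who in sessions
                if sip == ip and abs(when - seen) <= window]
        results.append((ip, when, event, min(near)[1] if near else None))
    return results


if __name__ == "__main__":
    for ip, when, event, who in correlate(TABLE_A + CONTROL, TABLE_B):
        print(f"{when:%d/%m/%Y %H:%M}  {ip:<15}  {event:<18}  -> {who or 'unattributed'}")
```

An IP-and-time match is corroboration rather than proof of identity, which is why the case also relied on the ISP's subscriber details, the entry register and the disk images.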
