
Neeraj Aarora: FICWA, LLB, PGD (Cyber, DLTA & ADR), MBA (IT), CFE (USA)
A Platform to discuss & analyse the Financial and Cyber Forensic, including the various legal ways to tackle Financial, Cyber and Share frauds with various Legal Forms and Investigating Authorities.


Embezzlement of Telephonic minutes: A Case Study on Data Theft by Hacking


This post was written by Neeraj Aarora on September 21, 2009. Posted under: Data Theft, Information Technology Act, Internet Fraud

NET4INDIA Case: The present case pertains to the online theft of prepaid internet telephony minutes belonging to the complainant company, maintained on its server, by one of its employees. The said employee made unauthorised access to the server containing the PINs of the internet telephony minutes, which was restricted by password, with access available to only a few key employees. The unauthorised access was noticed from unknown IP (Internet Protocol) addresses, which the offender used to make the unauthorised access.

The brief facts of the case: The company N4India Ltd. (N4India) is engaged in providing a range of internet-related services, including internet telephony and voice over IP network services. It markets its internet telephony services under the brand name of Phonewala.com. Track Online Net India (P) Ltd. is the US arm of N4India, which buys bulk internet telephony minutes from US companies like Net2phone, Go2Call etc. The Internet Telephone Minutes (TM) are sold in India as (1) Cash Calling Cards and (2) Online Cash Cards. The PIN number of a TM is kept online at the server of Net2Phone USA (Vendor), under its control, with access restricted/protected by passwords to key employees of N4I.

The management noticed the theft of internet telephony minutes, which was most surprising as access to the server was restricted by a password that was available to only a few key employees. The prepaid internet telephony cards belonging to N4I were available in the market at cheaper rates, not sold by Net4India, causing it huge revenue loss.

How the culprit was caught: Obviously, it appeared to be the handiwork of some insider. The investigating agency advised the company to change the password and give access to a few select key employees. The idea was to trap the person who was making unauthorised access to the server of Net2phone, where the PINs of internet telephony minutes belonging to Net4India were stored. The intruder making unauthorised access would surely leave behind a footprint in the form of an IP address. As predicted, failed unauthorised access was noticed at the web application of the US company Net2Phone's server from a specific set of IP addresses.

IP address captured by web application: Net2Phone's application recorded failed/successful logins from the IP addresses shown below:

Table A:

| IP Address | Date | Time | Event |
|---|---|---|---|
| 221.134.63.151 | 19/08/2005 | 02.00 AM | Incorrect Password |
| 221.134.63.151 | 19/08/2005 | 02.04 AM | Incorrect Password |
| 221.134.63.151 | 19/08/2005 | 02.07 AM | Incorrect Password |
| 221.134.63.8 | 20/08/2005 | 00.30 AM | Login Success |
| 221.134.63.8 | 20/08/2005 | 00.36 AM | Login Success |

Thus, someone was trying to make unauthorised access to the web application.

Who is the intruder? It was noticed that an engineer of N4India had accessed his email ID harish.s@n4i.net during the same time (as per IST) from the same IP addresses as above. Thus, he was the culprit and was mouse-trapped. The log detail of the email ID of Mr. Harish was obtained from the ISP:

Table B:

| IP Address | Date | Time | Event |
|---|---|---|---|
| 202.71.133.12 | 18/08/05 | 06.10 PM | IP belongs to N4I |
| 221.134.63.151 | 19/08/05 | 01.57 AM | User ID: Harish.s@n4i.net; Machine ID: 10.251.132.151; Franchise Details: B1-43, Near East End Apartments, New Ashok Nagar |
| 202.71.133.12 | 19/08/05 | 06.45 PM | IP belongs to N4I |
| 221.134.63.8 | 20/08/05 | 00.28 AM | User ID: Harish.s@n4i.net; Machine ID: 10.251.132.151; Franchise Details: B1-43, Near East End Apartments, New Ashok Nagar |
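The comparison of Table A with Table B can be reproduced as a small correlation routine: for each login recorded by the web application, find a session on the e-mail account from the same IP address close to it in time. This is an added example, not part of the original post or the investigators' tooling; the function names, the 30-minute window and the condensed attribution strings are assumptions, and both logs are taken to be in IST as the post states.

```python
from datetime import datetime, timedelta

# Table A: Net2Phone web-application login log (ip, date, time, event).
TABLE_A = [
    ("221.134.63.151", "19/08/2005", "02.00 AM", "Incorrect Password"),
    ("221.134.63.151", "19/08/2005", "02.04 AM", "Incorrect Password"),
    ("221.134.63.151", "19/08/2005", "02.07 AM", "Incorrect Password"),
    ("221.134.63.8", "20/08/2005", "00.30 AM", "Login Success"),
    ("221.134.63.8", "20/08/2005", "00.36 AM", "Login Success"),
]
# Table B: ISP log for the e-mail account (ip, date, time, attribution);
# the attribution column is condensed from the table's Event text.
TABLE_B = [
    ("202.71.133.12", "18/08/05", "06.10 PM", "IP belongs to N4I"),
    ("221.134.63.151", "19/08/05", "01.57 AM", "Harish.s@n4i.net / 10.251.132.151"),
    ("202.71.133.12", "19/08/05", "06.45 PM", "IP belongs to N4I"),
    ("221.134.63.8", "20/08/05", "00.28 AM", "Harish.s@n4i.net / 10.251.132.151"),
]

def parse_ts(date_s, time_s):
    """Parse the tables' timestamps; accepts 2- or 4-digit years and the
    '00.30 AM' style that strptime's %I (01-12 only) would reject."""
    clock, meridiem = time_s.split()
    hour, minute = (int(part) for part in clock.split("."))
    if meridiem.upper() == "PM" and hour < 12:
        hour += 12
    elif meridiem.upper() == "AM" and hour == 12:
        hour = 0
    fmt = "%d/%m/%Y" if len(date_s.split("/")[2]) == 4 else "%d/%m/%y"
    return datetime.strptime(date_s, fmt).replace(hour=hour, minute=minute)

def correlate(app_log, mail_log, window=timedelta(minutes=30)):
    """Pair each application login with mail sessions from the same IP that
    started within `window` of it. Both logs are assumed to be in IST."""
    hits = []
    for ip, date_s, time_s, event in app_log:
        when = parse_ts(date_s, time_s)
        for m_ip, m_date, m_time, who in mail_log:
            gap = abs(when - parse_ts(m_date, m_time))
            if m_ip == ip and gap <= window:
                hits.append((ip, when, event, int(gap.total_seconds() // 60), who))
    return hits

def unexplained(app_log, hits):
    """Application logins that no mail session accounts for."""
    matched = {(ip, when) for ip, when, *_ in hits}
    return [row for row in app_log if (row[0], parse_ts(row[1], row[2])) not in matched]

if __name__ == "__main__":
    for ip, when, event, gap, who in correlate(TABLE_A, TABLE_B):
        print(f"{when:%d/%m/%Y %H:%M}  {ip:<15} {event:<18} mail session {gap} min away: {who}")
```

Every login in Table A pairs with a mail session from the same address within ten minutes, while the two office-IP entries in Table B match none of them; narrowing the window shows how sensitive the attribution is to clock differences between the two log sources.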

The comparative analysis of Table A vis-à-vis Table B was made, which revealed the following:


1. Harish attempted unauthorised access to the web application, but failed.
2. Harish made unauthorised entry to the corporate office of N4I at Noida.
3. He accessed his email account without authorisation from the network of a colleague.
4. He collected the updated authentication details and sent them from his official mail harish.s@n4i.net to his personal e-mail account.
5. After this he returned home and tried to access the Net2phone application, but his login failed.
6. He again came to the corporate office and managed to get the appropriate password from the computer at the corporate office.
7. He returned home, accessed his email account and made a successful login to the Net2Phone application.

Accused persons arrested: The accused Harish was arrested. He confessed his involvement. He had emailed the unauthorised PIN numbers to his fictitious email IDs. The PINs and passwords were kept in these emails and forwarded to various buyers. He disclosed the names of the buyers; one such buyer was Mukesh Jindal of Chandigarh. Mukesh Jindal was arrested and he accepted that he had purchased TM from Harish and received the same at his personal email ID. The details of the email ID of Mukesh Jindal collected from Rediffmail reveal that the said ID was being used by the accused Mukesh Jindal.

Collection of electronic evidence: The fake e-mail ID of Harish, containing PINs and passwords to various cash cards of TMs, was accessed. The data was seized. One hard disk of the computer belonging to Harish was seized from his residence:

1. Image copy prepared and hash value generated.
2. Seizure memo prepared.

The laptop used by Mukesh Jindal, containing the email records, was seized from him:

1. Image copy prepared and hash value generated.
2. Seizure memo prepared.

The mirror image copies of the hard disks were analysed and contained incriminating evidence. The accused persons had accessed their personal email IDs, where the misappropriated PINs were found.

Other connecting evidence collected:

1. The bank account statements of the banks in which money pertaining to the misappropriated data exchanged hands.
2. Entry register record establishing the entry of Harish at the corporate office.
3. Statements of officials of N4I u/s 161 Cr.P.C.

Conclusion of the case: The aforesaid mirror image copy and the hard drive were sent to FSL for a forensic report. The forensic report received corroborated the above facts, thus connecting the accused persons to the crime. The charge sheet against the accused person is filed in the court, and the verdict of the court is awaited.

Tags: Data Theft, Information Technology Act, Internet Fraud, Cyber Crime Cell, Cyber Law, Cyber Lawyer, Hacking, Information Technology Act 2000

Reader Comments

I finally decided to write a comment on your blog. I just wanted to say good job. I really enjoy reading your posts.
