Conflict of laws in cyberspace and authorship attribution for cyber crimes are two of the most prominent problems in dealing with cyber crimes having international dimensions. This is the reason why the law enforcement agencies around the world cooperate and collaborate while dealing with transnational cyber crimes.
One such transnational cyber crime syndicate has been busted by the Central Bureau of Investigation (CBI) of India with the help of Federal Bureau of Investigation (FBI) of United States of America.
The Hindu has reported about a coordinated law enforcement action by CBI against a group of crackers operating from India, U.S. China and Romania. The CBI on Friday arrested a Pune-based mastermind who allegedly ran two websites offering services for cracking into email accounts. Some people associated with the Indian Premier League are also under the scanner for attempting to hire the engineer, who had gained access to more than 900 accounts, of which 171 belong to the victims located in India. IPL match fixing investigations are already under progress.
The accused, identified as Amit Vikram Tiwari, 33, was arrested in 2003 for allegedly cheating a Mumbai-based credit card processing company by generating fake e-transactions through a website. CBI investigations revealed that Amit had been operating two websites that offered hacking services at $250-$500 a client. The two websites are presently down, may be for conducting proper e-discovery and cyber forensics investigations.
Between February 2011 and February 2013, Amit had accessed 900 accounts. Most of his clients were based abroad. Investigations are under way to ascertain whether the accused had also accessed bank accounts or had any role to play in any other illegal online activities. “The present operation is the outcome of a coordinated probe by the CBI, the FBI, Combating Organised Crime of Romania, and the Ministry of Public Security in China,” said a senior CBI officer.
The operation followed a tip-off by the Federal Bureau of Investigation of the U.S. a year ago on activities of a hacker who had gained access to Internet accounts. “The FBI shared with us the geographical location of the suspect, based on which we initiated the probe. A preliminary enquiry was instituted. Investigations revealed that the accused had been gaining unauthorised access to Internet accounts on behalf of his clients. We suspect that the targeted accounts belonged to individuals and corporate entities,” said the officer. Since the input came from the FBI, the investigators suspect that Amit might have accessed some “sensitive” Internet accounts.
Based on the findings, the agency registered two cases against Amit and unknown persons on charges of identity theft, criminal conspiracy and unauthorised break-in of Internet accounts under the Indian Penal Code and the Information Technology Act. The accused Amit was produced in a Pune court, which has granted us his transit remand. He is being brought to New Delhi for further interrogation. While his computers have been seized, we will also probe the role of his customers,” said the officer.
“The websites operated by the accused offered access to email accounts for $250-$500, which we suspect would be paid through Western Union or online money transfer website PayPal. On receipt of the order, the accused would hack into the email accounts concerned and send proof of it to the customers who would then make payments to get passwords and other particulars of the victims,” the officer said.
The cyber due diligence for Paypal and online payment transferors in India has still not been enforced. Similarly, the Bitcoins exchanges operating in India are not complying with Indian laws. In particular, the cyber law due diligence requirements (PDF), as prescribed by the Information Technology Act, 2000, is not at all followed by the e-commerce websites in general and online payment processing websites/companies operating in India in general. The cyber criminals and their syndicate take advantage of these loopholes of Indian laws.
In a related development, the federal prosecutors in U.S. have charged a Northridge man with hiring computer hackers. John Ross Jesensky, 30, allegedly paid $21,675 to a Chinese website in exchange for email account passwords, according to the U.S. Attorney’s Office. He faces up to one year in prison for the misdemeanor charge. Jesensky was one of five defendants charged by the U.S. Attorney’s Office in a series of cases filed in Los Angeles this week. Mark Anthony Townsend, 45, of Cedarville, Ark., and Joshua Alan Tabor, 29, of Prairie Grove, Ark., are accused of operating an email hacking website which affected nearly 6,000 email accounts. They each face up to five years in prison on felony charges.
Defendants in Michigan and New York also face charges for buying email passwords. Jesensky was scheduled to appear in court Friday afternoon. According to the U.S. Attorney’s Office, all of the defendants are expected to plead guilty in the coming weeks.
The U.S. cases were announced Friday after authorities in Romania, India and China arrested six more people on computer hacking charges. The international investigation coordinated by the FBI identified the operators of 10 hacking websites.