The tech-savvy police of Hyderabad hired a team of ethical hackers to identify and nab Vannam Sriram Dinesh Kumar from Vijayawada, who amassed more than ₹3 crore in the last three years by hacking the data servers of various payment gateways.
In a clinical operation, the cybercrime police and ethical hackers pursued the leads for more than two months and checkmated the ethical hacker-turned-criminal and aced the game against him, Joint Commissioner of Police (Detective Department) Gajarao Bhupal told The Hindu.
An engineering dropout, but a highly-talented techie, as described by the police, Dinesh Kumar used to pick up small-time gig works at mobile shops and understood how SIM cards could be used to advance his nefarious activity. After enhancing his skills by watching tech videos on YouTube, he become a regular at hackathons and was a rewarded ‘bug bounty hunter’ by various payment gateway companies.
Emboldened by his technical skills, Dinesh Kumar approached a tech company for a full-time job after he identified the bugs in their server, but was turned down as he didn’t have an engineering degree. So, he developed three applications, including Get Taxi, and Daily Basket, operational in Vijayawada. As he doesn’t know the means to raise capital for his apps, they were running into losses. “So, he used his own talent, identified the bugs in payment gateway companies using proxy IP addresses and instead of flagging the issues to the companies, he decided to hack them,” Mr. Bhupal said.
Dinesh Kumar hacked and got access to super admin computers of the payment gateways and transferred small amounts (₹20,000 and below) to various bank accounts, he said. Most of the companies were based out of Bengaluru, Mumbai and Gurugram. Even the companies never reported the issue to law enforcement agencies as the amount was small and their reputation would be at stake. “With no complaints, Dinesh Kumar started to increase the amount and he slowly siphoned off ₹40 lakh and ₹50 lakh from Mahagram and Best Pay payment gateways, respectively, apart from other companies.
According to Mr. Bhupal, the accused was so clever that soon after transferring the amounts to his fake bank accounts, he used to convert them into cryptocurrencies. “He was very careful. He used proxy IPs, fake bank accounts, fake KYCs and even obtained SIM cards using fake IDs, as a result, we had to rope in ethical hackers and wait for nearly two months to nab him,” the officer said.
Further, he said that Payment Aggregators and Payment Gateways are emerging technologies and the Reserve Bank of India is yet to come up with proper guidelines for the security of such entities. “It’s an evolving technology. The RBI has issued some guidelines on regulation in 2020, and they are likely to come up with a licencing policy in July,” Mr. Bhupal added.