Embezzlement of Telephonic minutes: A Case Study on Data Theft by Hacking

NET4INDIA Case: The present case pertains to online theft of prepaid internet telephony minutes belonging to the complainant company maintained on its server by one of its employees. The said employee unauthorisedly accessed the server containing the PINS of the Internet Telephony minutes which was restricted by password and access was available to only few key employees. The unauthorized access was noticed from unknown (Internet Protocol address) IPs which the offender used to make unauthorized access.

The brief facts of the case:

  • The company N4India Ltd. (N4India) is engaged in providing a range of internet related services including internet telephony and voice over IP network services. It markets its internet telephony services under the brand name of “Phonewala.com”.
  • Track Online Net India (P) Ltd. is the US Arm of N4India which buys bulk internet telephony minutes from US Companies like; Net2phone, Go2Call etc. The Internet Telephone Minutes (TM) sold in India as (1) Cash Calling Cards (2) Online Cash Cards. The PIN Number of TM is kept online at server of Net2Phone USA (Vendor) under its control –Restricted/protected by passwords to key employees of N4I.
  • The management noticed the theft of internet telephony minutes which was most surprising as the access to the server was restricted by password which was available to few key employees only. The prepaid Internet Telephony cards belonging to N4I were available at cheaper rates in market not sold by Net4India causing it huge revenue loss.

How the culprit was caught: Obviously, it appeared to be handiwork of some insider. The investigating agency advised the company to change the password and give access to few select key employees. The idea was to trap the person who is making unauthorized access to the server of Net2phone where the PINS of Internet Telephony minutes belonging to Net4India were stored. The intruder making unauthorized access would surely leave behind its footprint in the form of IP address. As predicted, failed unauthorized access was noticed at the web application of US Company Net2Phone server from a specific set of IP addresses.

IP Address captured by Web Application

Net2Phone’s application recorded failed/successful login from the IP addresses shown below:-

Table A:

IP Address Date Time Event
221.134.63.151 19/08/2005 02.00 AM Incorrect Password
221.134.63.151 19/08/2005 02.04 AM Incorrect Password
221.134.63.151 19/08/2005 02.07 AM Incorrect Password
221.134.63.8 20/08/2005 00.30 AM Login Success
221.134.63.8 20/08/2005 00.36 AM Login Success

Thus, someone was trying to make unauthorized access to the web application.

Who is the intruder?

It was noticed that an engineer of the N4India has accessed his email ID harish.s@n4i.net during the same time (as per IST) from the same IP addresses as above. Thus, he was the culprit and mouse trapped.

The log detail of the email ID of Mr. Harish was obtained from ISP:

Table B:

IP address Date Time Event
202.71.133.12 18/08/05 06.10 PM IP belongs to N4I
221.134.63.151 19/08/05 01.57 AM User ID: Harish.s@n4i.netMachine ID: 10.251.132.151Franchise Details:B1-43, Near East End Apartments, New Ashok Nagar
202.71.133.12 19/08/05 06.45 PM IP belongs to N4I
221.134.63.8 20/08/05 00.28 AM User ID:Harish.s@n4i.netMachine ID: 10.251.132.151Franchise Details:B1-43, Near East End Apartments, New Ashok Nagar

The comparative analysis of the Table A vis-à-vis Table B was made which revealed the following:

  1. Unauthorised access made by Harish to the web application but he failed.
  2. Harish made unauthorised entry to the Corporate office of the N4I at Noida.
  3. He accessed his email account unauthorisedly from the network of one colleague
  4. He collected the updated authentication details and sent it by his official mail harish.s@n4i.net to his personal E-mail account.
  5. After this he returned home and he tried to access the Net2phone application but his login failed.
  6. He again came to the corporate office and managed to get the appropriate password from the computer at corporate office.
  7. He returned home and accessed his email account and made a successful login to the Net2Phone application

Accused persons arrested: The accused Harish was arrested. He confessed his involvement. He emailed the unauthorized PIN Numbers to his fictitious Email IDs. The PINs & passwords were kept in these emails and forwarded to various buyers. He disclosed the names of buyers; one of such buyer was Mukesh Jindal of Chandigarh. Mukesh Jindal was arrested and he accepted that he purchased TM from Harish and received the same at his personal email ID. The detail of email Id of Mukesh Jindal collected from Rediffmail reveals that said ID was being used by the accused Mukesh Jindal.

Collection of electronic evidence:

  • The fake E-mail Id of the Harish was accessed containing pins and passwords to various cash cards of TMs. The data was seized.
  • One hard disk of the computer belonging to Harish was made, seized from his residence:
  1. The image copy prepared, generated hash value.
  2. Seizure Memo prepared.
  • The laptop used by Mukesh Jindal containing the email records was seized from him:
  1. The image copy prepared, generated hash value.
  2. Seizure Memo prepared.
  • The mirror image copy of the Hard disks were analyzed-Contained incriminating evidence.
  • Accused persons accessed their personal Email Ids- Misappropriated PINS found.

Other connecting evidence collected:

  1. The bank account statements of the banks in which money pertaining to misappropriated data exchanged hands.
  2. Entry register record establishing the entry of Harish at the Corporate office.
  3. Statement of officials of N4I u/s 161 Cr.P.C..

Conclusion of the case: The aforesaid mirror image copy and the hard drive was sent to FSL for forensic report. Forensic Report received corroborating the above facts, thus, connecting the accused persons to crime. Charge sheet against the accused person is filed in the court and awaiting verdict of court.

13 comments

  • I finally decided to write a comment on your blog. I just wanted to say good job. I really enjoy reading your posts.

  • I was on Yahoo and found your blog. Read a few of your other posts. Good work. I am looking forward to reading more from you in the future.

    Tom Stanley

  • Rajesh Srivastava /

    Under which provision of the IT Amendment Act, 2008 which has been notified on 27/10/2009 the act of the offender would be covered?

  • Hi,
    Very nice information. Thanks for this.
    Regards,
    Jane

  • Nice post and this mail helped me alot in my college assignement. Gratefulness you as your information.

  • Hey,,really informative for cyber security students….Good job !!

  • What a great blog. I spend days on the internet reading blogs, about tons of different subjects. I have to first of all give kudos to whoever created your website and second of all to you for writing what i can only describe as an amazing post. I honestly believe there is a skill to writing articles that only a few posses and frankly you have it. The combination of informative and quality content is definitely extremely rare with the large amount of blogs on the internet.

  • Great blog. You have a lot of information post on this site. I have bookmarked you so I can keep up with future post and articles. Thanks.

  • Thank you a lot for providing individuals with such a breathtaking possiblity to read in detail from this website. It really is very superb plus full of a lot of fun for me personally and my office colleagues to search your site at least three times in a week to see the new secrets you have. And lastly, I am just actually satisfied with the eye-popping advice you serve. Selected 2 ideas on this page are honestly the most effective I’ve had.

  • Advantageously, the post is really the sweetest on that notable topic. I concur with your conclusions and will thirstily look forward to your upcoming updates. Saying thanks definitely will not just be sufficient, for the fantasti c clarity in your writing. I can at once grab your rss feed to stay abreast of any kind of updates. Genuine work and also much success in your business dealings!

  • I would like to thnkx for the efforts you’ve put in writing this web site. I am hoping the same high-grade web site post from you in the upcoming as well. In fact your creative writing skills has inspired me to get my own site now. Really the blogging is spreading its wings rapidly. Your write up is a good example of it.

  • It’s actually a nice and useful piece of information. I am happy that you shared this useful information with us.

    Please stay us up to date like this. Thanks for sharing.

  • Have you ever considered about including a little bit more than just your
    articles? I mean, what you say is important and everything.
    But think of if you added some great graphics or videos to give your posts more,
    “pop”! Your content is excellent but with images and clips, this
    site could undeniably be one of the greatest in its field. Terrific blog!

Leave a Reply

Your email address will not be published.

top