Noida police has arrested two members of hacker group Indishell (earlier hacked 30 Pakistani government websites) for alleged hacking into website of Memory Electronic Pvt Ltd that specializes in mobile and DTH recharge. According to the police, the accused Sumit Gupta and Ankit Singh, both BTech in computer science have allegedly involved in scores of hacking cases, and the other four accused including Srinivas, who happens to be a founder and president of a cyber security and anti-hacking organization in this case are yet to be arrested [source]
The hacking led company to an estimated loss (?) of more than Rs 50 lakh. Cops arrested hackers after tracking their IP address. According to police, in order to draw off money the hackers would bypass the CCAvenue payment gateway. After hacking into the server, the accused managed administrative rights of the website and when users asked for recharge of their mobile phones, DTH cards, net cards, etc, the hackers would just key in the cell number and the amount to be recharged. However, no bill would be generated as the hackers had bypassed the payment page. Consequently, the recharge company would be debited every time without a bill, causing to losses worth more than Rs 50 lakhs.
This is not the first time when an ecommerce website has been hacked, earlier in February this year; Microsoft India’s online store was hacked by a Chinese group identified as Evil Shadow. In addition to that online travel firm Cleartrip ad server was also hacked in July this year, during Cleartrip’s hack, attackers gained control of the website’s ad system via serving malicious code. Importantly, payment gateway, CCAvenue which hackers apparently have bypassed in this case was hacked in May 2011 by hackers through exploiting SQL injection vulnerability.
Meanwhile, as per Government of India data, cyber crimes including hacking are on the rise in the country. A total of 799 persons were arrested under the Information Technology Act 2000, in the year 2010, which is a significant hike from 288 arrests in 2009, 178 arrests in 2008 and 154 arrests in 2007. Delhi reported the highest number of cyber crimes with 41 cyber crime cases registered in 2010, followed by Bangalore with 40 cases, while Chennai and Mumbai reported 10 and 8 cases respectively.