Photo via Christopher Schirner/Flickr
Indian law enforcement has some celebrating to do. The Central Bureau of Investigation (CBI)—essentially the country's version of the FBI—has caught its first ever cyber-criminal.
Amit Vikram Tiwari from Pune is allegedly the owner of two hacker-for-hire websites, www.hirehacket.net and www.anonymiti.com, which offer services for breaking into email accounts for the reasonable price range of $250 - $500. Before being arrested and the websites going offline, he reportedly hacked into more than 1,000 different accounts, to do everything from stealing funds to checking on the communications of families to potentially wed their sons and daughters to.
He was “[...] a member of a full fledged organised and coordinated hacking network which spreads across many countries”, according to CBI sources, who claimed that his international empire involves dealing with over $600 million. Additional raids in Mumbai, Pune and Ghaziabad have taken place to catch others.
However, before the country starts flaunting this as a major victory and rubbing it in the face of their Pakistani rivals, the Indian authorities cannot take all of the credit. In fact, most of it is owed to the American FBI, who, after investigating the sites based on U.S. servers, tipped off their Indian colleagues with Tiwari's GPS location.
Rather more embarrassingly—both for Indian law enforcement and the hacker himself—it appears that Tiwari was already known to the Mumbai police force. In 2003 he successfully obtained Rs. 900,000 ($14,300) by hacking a credit card processing company, and it looks like he was also approached to participate in an attack involving the Indian Premier League (IPL) , in which bookies sought information from the accounts of people involved in the competition.
Foolishly, Tiwar accepted most of his payments through Paypal and even Western Union Money Transfer. For someone who describes themselves as a professional hacker, use of Bitcoin or another crypto-currency never factored into his security protocol.
But putting aside the Indian police's negligence and Tiwari's egregious methods, perhaps this dependence on the American intelligence services won't last for much longer. Last June, India launched its own web of surveillance, that will “give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls”, all without parliamentary or court oversight. After it is fully rolled out, the system will be able to specifically target any of India's 900 million phone lines and 120 million internet users, all in an apparent push to stifle terrorist plots.
Of course, at a time where privacy is one of the most pertinent issues in everyone's mind, there are worries that this snooping apparatus will affect the human rights of Indian citizens. It is also unclear whether such a system will actually be effective at catching criminals like Tiwari. For instance, the FBI tip only came about because Tiwari was stupid enough to host his websites on U.S. servers, which, in a post-Snowden world, are notoriously insecure.
As business in Silicon Valley and the U.S. tech industry in general diminishes due to concerns over backdoors and law enforcement collaboration, criminals may decide to host their nefarious activities elsewhere. If Tiwari had done that in the first place, perhaps he wouldn't have been caught.