Four hackers arrested for digital shoplifting
FIRST OF ITS KIND They had used vouchers worth ₹92L at popular ecommerce websites
NEW DELHI: Four young hackers have been arrested for allegedly digitally shoplifting vouchers worth ₹92 lakh by tampering with the data of e-commerce websites at the payment gateway stage. Two of them are BTech dropouts, one is pursuing engineering while the other is a BCA from Delhi University, police said.
Calling it the first such case reported from the national capital, DCP (south) Ishwar Singh said these hackers used these vouchers at popular e-commerce sites such as MakeMyTrip, Flipkart, Amazon, Dominos Pizza, Myntra and Shoppers Stop, among others, said police.
To avoid being tracked, the accused never lived in any place for more than a day or two, but they spent their time putting up at five star hotels, travelling by expensive flights and splurging on their girlfriends.
Theywould‘show-off’theirlavish lifestyle and offer expensive laptopsandmobilephonesfordirtcheap to their friends on a social media website. To come across as well-off persons, the four would hirecarslikeMercedesandBMW, said the DCP on Wednesday.
The three 18-year-old youths, led by the alleged mastermind, Sunny Nehra, had allegedly undergone extensive training in hacking and had tied up with professional hackers in India, Netherlands and Indonesia to learn the tricks of the trade.
“They had obtained special softwares that helped them go about their job. They even had a Dell laptop of 256 GB RAM configuration capable of supporting a particular hacking suite,” said an investigator.
Nehra, a BTech dropout, had obtained an additional expertise in looking for vulnerabilities in online payment sites. A few months ago, one of his hacker friendsinformedhimthatPayU,a paymentgateway,wasvulnerable andcouldbetestedfor“datatampering”, said the DCP.
The hackers began by identifying vulnerable online e-payment gateways
They then visited an e-commerce website offering e-vouchers that can be redeemed on other portals offering products and services
They would choose a voucher worth any amount to begin with
Using fraudulently obtained
Nehra studied the website and soon realised that it allowed changes in parameters at the processing page. He then targeted a website gyftr.com from where one can buy vouchers.
Explaining the modus operandi, Singh said, Nehra and his friends would first opt for a purchasing an e-voucher from the website. Using credit or debit cardsobtainedonfakedocuments, the hackers would enter the card details and make the payment usingthePayUpaymentgateway.
Once the payment was being processed, one is generally led to a page that asks not to ‘refresh’, ‘cancel’ or ‘go back’ until the payment is through. debit cards, the hackers would initiate the payment process
Once the process reaches a stage where you are asked not to ‘refresh’ or ‘go back’, they click on ‘cancel’ to “freeze” the page
Their expertise in hacking, assisted by certain software, allowed them to decode the source code and edit certain values
It is at this particular point that these hackers would press the cancel button to “freeze” the page. Using their hacking skills, they would change certain values before again proceeding with the payment.
For example, if they were purchasing a voucher worth ₹5,000, theywouldeditthevaluetojust ₹1. Since they had already decoded the source codes of that page during the experimentation stage in the past, they were able to make the payment go through.
While the hackers then used these vouchers to buy products and services from different websites, the portal offering the vouchers was duped.
They would particularly replace the actual cost of the e-voucher with a nominal amount
They would then continue the payment and obtain the e-voucher for the amount entered by them instead of the actual value
The vouchers would be redeemed by them while the website offering it would lose out on the money
It was on December 30, 2016, that representatives of an e-commerce website that administers the website gyftr.com approached Hauz Khas police with a complaint that they had been duped of vouchers worth ₹92 lakh.
A special team constituted to crack the case obtained records from the portals whose services were used. That helped police identify certain iPhones and iPads that were purchased by the accused. “The IP addresses of these devices were tracked, leading police to the Facebook profile of Nehra,” said the DCP. He was finally traced to a five star hotel in Gurgaon. At his instance, his friends too were nabbed. GURGAON: The body of a minor girl, who had gone missing on January 5, was recovered from a pond in Ambedkar park near Rajeev Chowk in Gurgaon on Wednesday.
The body was spotted by local residents who visited the park in the afternoon. Sources said locals first noted a foul smell emanating from the water, and later spotted the body that was floating in the water.
“There were injury marks on the girl’s head, abdomen and neck. It seems like she was raped and then strangulated to death,” said a police official. The police have sent the body for post-mortem examination, which will be conducted on Thursday.
According to reports, locals noticed someone floating in the pond, after which they immediately contacted the police.
A team from Civil Lines police station later rushed to the spot and fished out the body from the water. They later identified it as the body of the minor from the red frock she was wearing. The SHO of Civil Lines too identified the girl from her photo and informed her father.
The deceased was a resident of Sector 15, police said, whose father is a rickshaw puller. The family had been living in Gurgaon for the last few years.
“The CCTV cameras near the pond are lying defunct. We could have identified the accused otherwise,” said Bijender Singh Hooda, station house officer of Civil Lines police station.
He added that five teams had been formed after the minor girl was reported missing on January 5.