Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Hindu

The quiet railway station in the heart of Karmatar draws its name from one of the country’s greatest social reformers, but today hardly anyone seems to be aware of the connection of this place to Ishwar Chandra Vidyasagar. Only a few hundred metres from the Vidyasagar railway station is the place where he lived for 18 years, taught girls in a thatched school, and distributed medicines from a home clinic. Some of the articles used by him are still lying here but the place, which should have been a tourist destination, does not get any visitors these days.

Instead, this nondescript little town in Jharkhand’s Jamtara district is often frequented by police from different States: it has emerged as one of the biggest hubs of cybercrime in the country. Records at the Karmatar police station reveal that between April 2015 and March 2017, police teams from 12 different States have visited the station 23 times and arrested around 38 accused. Over 80 cases have been registered suo motu by the Jamtara district police between July 2014 and July 2017 against 330 residents of the area. At Karmatar police station alone, the number of arrests in 2017 has crossed 100.

Cases and seizures

There are hardly any signs of development on the 17-km road leading from district headquarters Jamtara to Karmatar. The road itself, which runs parallel to the railway line, is pockmarked with large potholes. The only thing that catches the eye in this semi-urban setting with a population of about 2,00,000 are the dozen mobile phone towers erected in the fields on either side of the road. And it is these towers that hold the key to Jamtara’s infamy.

With half-a-dozen LED television monitors and two soft black sofas — one of them right next to the lock-up cell — gathering dust, the newly constructed Karmatar police station appears unlike others. Within the station compound are parked brand-new vehicles — all SUVs — and over two dozen motorbikes, all seized vehicles. In one of the dimly lit rooms inside, an officer is going through a handwritten note, oblivious to an informer’s repeated attempts to draw his attention to a tip-off about illegal liquor being sold somewhere. It’s a petition by a man arrested in a cybercrime case alleging human rights violations.

Krishna Dutt Jha has been in charge of the police station for the past eight months but finds it difficult to keep a count of the articles seized. “How many sofas have we seized this year?” he asks one of his subordinate officers. “Three, Sir. Two air conditioners and 12 refrigerators too,” comes the response. Jha begins the count once again: 70 LED TVs, three washing machines, 40 ATM cards, about 80 bank passbooks, 200 mobile phones and ₹9.28 lakh in cash.

Speaking of the latest arrest he has made, Mr. Jha says about ₹99,500 was withdrawn from a person in Sambalpur, Odisha. Two brothers, Pradip Mondal and Pradyuman Mondal, were arrested from the Karmatar area on July 15 in a joint operation by the district police and a police team from Odisha. On August 5, the third accused, their cousin Dukhi Mondal, a truck driver, was arrested. The money allegedly siphoned off from the Odisha bank account by the two brothers was parked in a mobile e-wallet of their cousin and used to buy diesel from petrol pumps.

About 12 km from Karmatar police station is the Narayanpur police station, another area where multiple cases of cyber fraud have been recorded in the recent past. Boxes of liquor seized in a raid the previous night are piled up outside the entrance of the main police station building. The registers of the police station present a maze of unknown numbers, SIM cards referring to frauds done using e-wallets. Most of the complaints of cyber fraud, like the ones at Karmatar, have been registered suo motu by the police station in charge. The charges are mostly the same: Section 419, 420 of the IPC (cheating by impersonation and cheating), 468 and 471 (forgery for cheating and using forged document as genuine), 120B (criminal conspiracy) and Section 66B, 66C and 66D of the Information Technology Act.

Senior police officers reveal that the first cases of online fraud pertained to mobile recharges in 2011. A group of youth who had gone to work outside the district learnt the trick of recharging phones without actually paying and made some quick money. A couple of years later, cases of siphoning of money from bank accounts by accessing financial details came to the fore.

Some police officers call the practice “phising” (phishing) but Jaya Roy, the Jamtara Superintendent of Police (SP), says it is actually “vishing”, gaining access to private financial information of a person by claiming to be calling on behalf of a bank or financial institution. She says the tricks which the local youth, mostly school and college dropouts, employ to dupe people are not very complicated. “They call up people posing as bank officials on any pretext, say, linking the Aadhaar number to the bank account, and ask for card details. Sometimes, they even warn not to give the ATM PIN and say ‘we are sending you an OTP from the bank and you have to confirm the OTP number’. Unfortunately, even educated people get convinced and get duped,” says the SP.

No stranger to crime

Located in the Santhal Pargana region, Jamtara, which was demarcated as a district in April 2001, has been prone to crime in the past as well. “Earlier, the people were involved in wagon-breaking; then there were reports of train passengers being intoxicated and duped. This is how the nature of crime has evolved here,” says Roy. It doesn’t help that the literacy rate of Jamtara district, with a population of about 7.91 lakh, is 64.59% and the percentage of non-workers is 58.71. The district economy depends primarily on agriculture.

Despite those abysmal numbers, the presence of easy money here is apparent, evidenced by the numerous cell phone towers, branches of all major public and private bank, and the mushrooming of two-wheeler showrooms in the area. At Karmatar, a hamlet of huts a few years ago, there are more concrete houses being built than in the district headquarters itself. “How do you convince people who have no other modes of employment? What else will give them this kind of earning?” Mr. Roy asks rhetorically.

Crime also tends to be infectious — in the confessional statement before the police, 22-year-old Diwakar Mondal, arrested on March 11, 2017, states that he along with his cousin Mithun Mondal gathered fake SIM cards and started indulging in cybercrime after “aas-paas ke log cyber thuggee kar ke amir ban gaye (people around us became rich by indulging in cybercrime)”. In the statement, Diwakar admits to arranging mobile SIM cards with fake identities and also bank accounts under different names.

Talk of the town

At the Jamtara Bar Association complex, defence lawyers are complaining that the district court isn’t granting bail to the accused because of the perception that cybercrime has reached alarming proportions.

The chamber of S.N. Mondal, one of the most sought-after defence lawyers for cybercrime, which is located at the heart of Jamtara town, is buzzing with activity as early as 8.30 a.m. Janardan Mondal, an accused, is one of the first to arrive. He claims that he used to work as an agent for a non-banking deposit collection company in the district and vehemently denies the charge of withdrawing money from someone else’s account.

“At Karmatar, we were the first to have a car. But then someone in the neighbourhood also called Janardan — much younger to me — duped a minister from Delhi and the police came knocking on my door in February-March, 2014,” he says.

As Janardan hangs around, a middle-aged man with an arm sling drops by to persuade the lawyer to seek bail for his younger brother who is behind bars. “Please see these papers to arrange his bail,” pleads the man. “Arre, tum log badmash to hai (You guys are bad for sure),” the lawyer retorts, whispering to me, “The middle-aged man’s brother is an ATM master (a term used for those indulging in cybercrime).” He adds that cases of online fraud are on the rise. “I should not be disclosing this but take a look at this,” he says, pointing at the charge sheet — a senior police officer has been duped.

Outside the lawyer’s chamber, the man in the arm sling has an animated discussion on how incidents of cyber fraud and ”vishing” have given a bad name to the area. “It is difficult to get our daughters married,” he says. Reports of cybercrimes have assumed mythical proportions; it is not uncommon to hear at practically every nook and corner of the town about how boys have duped people from different parts of country, targeting even ministers, senior government officers and famous actors.

Pujya Prakash,Sub Divisional Police Officer of Jamtara, keeps a large hand-drawn map in his office marking every incident of cybercrime. “There are many, who after being granted bail, return to their tricks. The returns in this business are so much higher,” he says.

The modus operandi

The local police stations have stopped giving residence proof certificates — required for government jobs — to those accused of cybercrime. A ‘cyber police station’ to keep a tab on these crimes is also on the cards. But policemen insist that even provisions of the Information Technology Act are inadequate to tackle the organised nature of cybercrime.

“A cottage industry has developed in Jamtara,” says a senior officer with Delhi Police’s E-fraud Investigative Cell, detailing the modus operandi. He says scores of jobless young persons are involved in acquiring vast numbers of SIM cards on fake identities, which they use to fool unsuspecting ATM card owners. Almost all e-wallets such as Paytm, Freecharge are being used. One deduction from an ATM card travels to one e-wallet and immediately into five or six other e-wallets, and then finally into a bank account, from where it is instantly withdrawn via ATMs.

A young man in Jamtara, motorcycle-borne and wearing track pants and floaters, offers additional ground inputs. “It is not that simple and cannot be done alone. You require a dal [group],” he says. Typically the crime involves two people. One who makes a call to an unsuspecting customer seeking details about his bank account, while masquerading as a bank official. The second person sits with a smartphone, all set to click on ‘proceed to make payment’ for items on an e-commerce website. He completes the transaction with the customer’s bank details within moments after his partner secures them. The SIM card is then disconnected and destroyed. In most of the cases bank accounts or e-wallets of a third party is used to make these ”vishing” transactions and the police have to follow a long trail to get to the main perpetrator.

Many of Jamtara’s ”vishing” experts have never left town, but their reach spans the nation. In May last, Sheela (name changed), who had just delivered a baby, applied for a bank account at the Central Bank of India in Darjeeling. A few days later, an ‘agent’ from the bank called asking for more details. The agent sounded genuinely helpful, and sympathetic, and told Sheela that she could avoid coming all the way to the branch if she could give the name and ATM card details of a guarantor. Without giving it much thought, Sheela called her mother, who works as a domestic help in Delhi, and passed on the latter’s State Bank of India ATM number and PIN to the ‘agent’. Within hours, her mother was on the line again, tearfully telling her that nearly ₹30,000, her savings of years, had been withdrawn from her account.

The Delhi Police’s E-fraud Investigative Cell moved quickly, helped by a spate of recent cases that were similar. Clearly, buoyed by their recent success, the Jamtara gangs were getting sloppy. They tracked the money transfer through Paytm and an e-retailer to a bank account in Himachal Pradesh. But even though the money was found, the culprit is untraceable, says a senior officer. “The people are so well organised, and have access to thousands of SIM cards that they deactivate the moment they are able to successfully con someone. They make thousands of calls every day, and only have to get lucky once in a while.”

The account in Himachal Pradesh that police traced Sheela’s mother’s earnings to had a bank balance exceeding ₹7.5 lakh, all presumably ill-gotten gains made by swindling the most naïve, defenceless and helpless, whose only real fault was attempting to enter India’s much-vaunted digital world, and trusting their money would be safe in it.

www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv9,CHFI,ECSAv9,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-India, Ethical Hacking Course in Pune-India