A person who hacked into the database server of payment gateway platform PayG and allegedly swindled Rs 52.9 lakh was nabbed on Wednesday, May 11 by Hyderabad police. A 28-year-old man named Vannam Sriram Dinesh Kumar was apprehended from Vijayawada in neighbouring Andhra Pradesh after he was traced with the help of an ethical hacker, Hyderabad Police Commissioner CV Anand told reporters. The accused developed a method wherein he identified vulnerabilities in the software of payment gateways and used these gaps to hack into their core servers and diverted the money, the Commissioner said.
On a complaint from an employee of a software firm stating that their account was hacked on March 15, and Rs 52.9 lakh was diverted to other accounts, the Cyber Crime Police booked a case and took up investigation and caught the hacker.
In this particular case, the accused created a user ID in payment gateway PayG by using a disposable email id and phone number, police said. He then allegedly used open source software tools for evaluating the vulnerabilities of the payment gateway and obtained the user ID of Super Admin of the payment gateway, police said, explaining the modus operandi (MO) of the accused.
Using the software he gained access into the main database server utilising the vulnerabilities existing in the payment gateway software. After entering into the dataserver, he transferred Rs 52.9 lakh from the nodal account of the payment gateway to three virtual bank accounts, police said.
With this amount he purchased bitcoin and later transferred them into another crypto account, from there he sold the bitcoin and encashed the amount, they said. During further investigation, it was found that previously also he allegedly diverted Rs 80 lakh of two other payment gateways using similar MO, police said.
Police recovered an amount of Rs 17.2 lakh from the hacker's possession and another Rs 14 lakh was found in his bank account. Three laptops and 12 mobile phones, one tab, 33 credit/debit cards, along with some bank documents, were also recovered from the possession of the accused, the police added.