Police said the hacker and his associates set up a system of routing the stolen money back through hawala channels — after it was initially moved from the e-procurement cell to an NGO's account in Nagpur and the account in Bulandshahr.
One of six hard disks recovered from laptops belonging to hacker Srikrishna Ramesh alias Sriki, 26, who is at the centre of an alleged Bitcoin-for-bribes controversy that has hit Karnataka politics in recent weeks, has revealed data of a hack carried out at the e-procurement cell of the state government where Rs 11.5 crore was stolen by a hacker gang in 2019.
The analysis of these hard disks from laptops seized from the hacker and an associate Robin Khandelwal, following their arrest in Bengaluru in November 2020, was carried out by private cyber forensics firm Group Cyber ID Technology Pvt Ltd earlier this year at the instance of the Bengaluru city cybercrime police in a case of hacking of two poker gaming sites.
The details of the analysis are enclosed as a report in a chargesheet filed in the cyber case.
According to the cyber forensics report, one hard disk “marked 01” recovered from a MacBook belonging to Srikrishna contains “hacking data” for the alleged hacking of the eproc.karnataka.gov site of the e-governance cell of the Karnataka government and other sites.
The report has cited a text file, created in 2018, that confirms the hacking of the e-procurement site.
In August 2019, officials at the e-procurement cell of the Karnataka government filed complaints with the cybercrime unit of the Criminal Investigation Department of the state police saying unknown persons had stolen Rs 11.5 crore of earnest money deposits from the e-procurement cell and that officials were able to stop the theft of Rs 7.37 crore.
Srikrishna and his associates are accused in the e-procurement cell hacking case and several other incidents of hacking Bitcoin exchanges and poker gaming sites.
Since his arrest in November 2020, initially in a case of buying drugs with Bitcoins, Srikrishna has claimed that he and his associates were trying to steal Rs 46 crore from the e-procurement cell, in three tranches, but managed to get only Rs 11.5 crore before officials got wind of the crime.
Police said the hacker and his associates set up an elaborate system of routing the stolen money back through hawala channels — after it was initially moved from the e-procurement cell to an NGO’s account in Nagpur in Maharashtra and the account of a private firm in Bulandshahr in Uttar Pradesh.
In a voluntary statement to the police after his arrest last year, Srikrishna admitted his involvement in the hack: “In May/June 2019, I hacked into the e-procurement site of the Govt of Karnataka where I exploited a remote code execution vulnerability and got access to the bidder information and downloaded all the files relating to the bids happening at that moment.”
The analysis of the hard disk from Srikrishna’s laptop has also revealed hacking data for poker sites PokerSaint, pppoker, Poker Baazi, for a Bitcoin exchange called Koinex and several other sites including food supply service provider Zomato.
The cyber forensic experts could access the hard disk of only two of six laptops seized from Srikrishna and his associate Robin Khandelwal. Three laptops could not be analysed due to encryption codes that could not be bypassed while one was damaged, says the forensics report.
Incidentally, the same cyber forensics firm conducted an analysis of data held in a cloud server by the hacker and found that Srikrishna had as many as 76.13 lakh public addresses/private keys for Bitcoins and as many as 26 e-wallets. Sources said these could have been acquired by hacking or through data trading on the dark web as part of efforts by hacker groups to steal cryptocurrency.
One of the wallets in the cloud with 31 Bitcoins was initially shown by the hacker to the police as his own by providing only the public address and not the private key that is needed to access the Bitcoins in the wallet.
The ruling BJP in Karnataka has been questioned in recent weeks by the opposition Congress over the alleged disappearance of over 5000 Bitcoins reported to have been in the possession of Srikrishna (as claimed by the hacker himself) before his arrest in November 2020. The Congress has suggested corruption involving a few BJP leaders and their kin. The BJP has alleged that the hacker was associated with the kin of many Congress leaders too.