www.thequint.com Open in urlscan Pro
2606:4700::6812:5ec6  Public Scan

URL: https://www.thequint.com/cyber/crime/srikrishna-ramesh-alias-srikis-bitcoin-scam-is-a-new-genre-of-cybercrime-a-guide-for...
Submission: On November 28 via api from US — Scanned from DE


SRIKI'S BITCOIN SCAM IS A NEW GENRE OF CYBERCRIME: A GUIDE FOR KARNATAKA POLICE

Sriki is a unique Indian hacker who specialised in transnational crime. But more
could follow him, trend suggests.

Karan Saini
Published: 27 Nov 2021, 7:02 PM IST

(This story is the second in The Quint's five-part series on the Bengaluru
Bitcoin Scam. The first can be read here.)

At 25 years of age, Srikrishna Ramesh alias Sriki could be the most wanted
cybercriminal in the country, with four different investigation agencies –
Central Crime Branch-Bengaluru, Crime Investigation Department-Karnataka,
Enforcement Directorate and CBI-Interpol – probing bitcoin hacking and money
laundering charges against him.

> What should interest cybersecurity analysts in Sriki’s case is the fact that
> he could be the first Indian, so deeply embedded in transnational cybercrime,
> to be investigated by Indian law enforcement agencies.

From an Indian perspective, it is important to try to understand the flaws – not
just technical but also operational – that seem to have enabled Sriki’s crime
spree. Sriki’s career as a cybercriminal stands out primarily due to the
elaborate nature of the operations he allegedly ran. His case is especially
significant considering the awareness it has generated around cybercrime, and
the insights it has provided into the problematic state of cybercrime
investigations in India.


FROM HACKING 'RUNESCAPE' AS A SCHOOL BOY TO STEALING BITCOINS

In a ‘voluntary statement’ given to Bengaluru police, Sriki admits to having
carried out an attack targeting the Bitfinex cryptocurrency exchange, from which
he claims to have stolen 2,000 bitcoins (valued at roughly Rs 800 crores at the
time of writing this article). He claims this hack was done in 2015, when he was
just 19 years old.

> But what makes him unique is the trajectory that his dubious career took –
> from his early days to the time he allegedly hacked poker websites, bitcoin
> exchanges and even Karnataka’s e-procurement website.



Sriki claims his first exposure to computer security and hacking was as a school
student with the multiplayer role-playing game ‘RuneScape’. He allegedly wrote a
program to automate tediously repetitive tasks in the game, even making a small
profit in the process. His statement is being contested in a Karnataka court by
Sriki’s family, but it suggests he charted a unique path as a cybercriminal.

Sriki soon graduated from his modest 'RuneScape' exploits to more serious
hacks. He allegedly compromised user accounts on PayPal, an online payment and
money transfer service used by millions around the world. Sriki claims he
performed credential stuffing attacks against PayPal. Credential stuffing is
where an attacker, usually with the help of a program, submits email and
password combinations harvested via data breaches to target accounts on a given
service on a mass scale.

> Why should this modus operandi followed by Sriki in his early days as a
> cybercriminal be of interest to investigating agencies?

Here’s why. The documented cases of cybercrime in India show that most domestic
cybercriminals carry out low-tech crimes – mostly cases of financial fraud
usually carried out by way of phishing. To get a sense of such low-tech crimes,
watch the Netflix series ‘Jamtara’, named after a town in Jharkhand that is a
hotspot for such crimes. The point, however, is that even such low-tech
cybercrime cases are not properly investigated.

> In stark contrast, Sriki’s statement makes him different from the regular crop
> of cybercriminals in two significant ways – a considerable knowledge of
> computer systems, and an inclination to use his knowledge to conduct
> sophisticated and substantial cyberthefts of sums running into several crores
> of rupees.

Do Sriki’s arrest and subsequent cases indicate an emerging cybercrime trend in
the country? Have more tech-savvy criminals entered India’s ‘cybercrimescape’?

RISE OF A NEW BREED OF CYBERCRIMINALS?

In his bid to compromise websites, Sriki appears to have primarily targeted web
applications, where, after studying them, he would either exploit
vulnerabilities that had already been publicly disclosed by a third party or
attempt to hack into them on his own.

On one occasion, Sriki admits to having exploited a zero-day vulnerability in a
program or application targeted by him. The term 'zero-day' or '0day' refers to
a vulnerability that had not been publicly disclosed at the time it was
exploited.

> Meaning, Sriki could have found the vulnerability on his own. If confirmed,
> that would make him a lot more 'high-tech' than phishing fraudsters of
> Jamtara.

Sriki’s case, in terms of planning and execution, is similar to cases that have
unfolded in the UK and the US. One instance is the 2020 case of 17-year-old
Graham Ivan Clark, who was able to trick Twitter employees and break into
several high-profile accounts on the platform, abusing the targeted accounts’
influence to solicit more than $100,000 in cryptocurrency.

The Indian hacker’s case is also similar to several others of individuals and
groups involved in a practice known as SIM swapping – a method to gain access to
victims’ phone numbers, to steal or extort sizeable amounts of Bitcoin and other
cryptocurrencies.

> Recent developments in the cybercrime space in the country indicate that Sriki
> could be the frontrunner of a new trend.

A report by Google’s Threat Analysis Group in 2020 sheds light on the trend of
'hack-for-hire' firms operating out of India. The same year, Toronto-based
Citizen Lab published a detailed report attributing an array of sophisticated
targeting campaigns aimed at hacking politicians, company executives,
journalists and others, to an Indian company known as BellTroX InfoTech
Services.

Given this, shouldn’t probe agencies in Karnataka and the country invest more to
study Sriki's cybercrimes and to arrive at clinching evidence that would not
just nail Sriki, but also give them the skill-set and experience to take on this
new and more sophisticated genre of cybercrimes?

HOW TO LOCK DOWN THE ‘BEST’ INDIAN CYBERCRIMINAL?

While it is clear that more needs to be done, misguided proposals – such as the
one by the Parliamentary Standing Committee on Home Affairs, which seeks to
“curb cybercrime” by banning VPN services in India – are definitely not the
answer. A Virtual Private Network (VPN) is a protected network connection.

Banning VPN services, which may at times be used to slow down cybercriminals,
will not ensure the prevention of cybercrimes. Why? Sriki could have still
learned all of the skills he did, and performed the hacks he allegedly carried
out despite a VPN ban, by using other anonymity services, like the Tor browser.

> Law enforcement agencies in India need to bridge the clear gap in skill and
> preparedness when it comes to investigating sophisticated cybercrimes
> originating from or targeting users within the country.

In this regard, establishing a probe agency similar to the REACT Task Force in
the US might be ideal. The task force was established in 1997 by the California
State Department of Justice as a partnership between local, state, private and
federal agencies in the country. The task force, in recent years, has helped
investigate and prosecute many high-tech offenders.

Meanwhile, in Karnataka, cybercrime police and other investigation agencies are
still struggling to find enough forensic evidence that could help them prosecute
Sriki. Shouldn’t more cybercrime experts be consulted to prove him guilty if he
indeed is a cybercrime mastermind?

> But even as Indian agencies grope for evidence against Sriki, Indian users
> themselves may be in a position to limit the personal financial impact that
> the compromise of a cryptocurrency exchange could have.

For instance, users who are worried about the security of their funds could
withdraw cryptocurrency they have stored with third-party services and
exchanges. In the case of trading platforms, as soon as a trade is made, funds
should immediately be transferred out to a wallet under the user’s direct
control, preferably to a hardware wallet or paper wallet.

While the process of moving funds out of third-party exchanges would incur
certain fees, it may very well be a price worth paying to keep one’s funds safe.

As for Sriki, the probe needs to be strengthened, perhaps by bringing in
expertise that the agencies may be lacking. The probe also needs to be
transparent for it to lead to conviction.

(Karan Saini is a security researcher and public interest technologist based in
Bangalore.)
