One tip from the FBI is all it took for India to catch its first cyber criminal.
Until he was taken down in a raid by India’s Central Bureau of Investigation (CBI) on Friday, Amit Tiwari was the head of an illegal enterprise that he had grown into a $600 million business since its inception in 2011. Tiwari and a band of cyber crooks sold their expertise with computer hacking to more than 1,000 customers who wanted to snoop around online but didn’t have the means. While still in operation, Tiwari’s team took fees of $250 to $500 for assignments like stealing funds, snooping around for the financial information of a business rival, digging up a family’s secrets and more.
His organization was sophisticated enough to operate worldwide, but Tiwari still fell victim to some basic errors that let law enforcement track him down; he hosted his websites on insecure U.S. servers and accepted payment in easy-to-track transfers from PayPal accounts. He even received some money via wiring through Western Union. The FBI figured out Tiwari’s identity and passed along his GPS location to India’s CBI.
While the Indian government can now boast about Tiwari’s capture, he should have been on the watch list since 2003, when Tiwari hacked into a credit card processing company based in Mumbai and robbed $14,300. Now, the CBI is making up for lost time by conducting additional raids in the Indian cities of Mumbai, Pune and Ghaziabad to try to pin down others involved in the cyber crime ring.
Soon, the Indian government hopes to secure a system ensuring that no cyber criminal slips through the cracks of its justice system. Last June, India set up a surveillance web designed to tap into India’s 900 million land lines and track the activity of the country’s 120 million Internet users.
Sounds like the beginning of a familiar debate on the merits of privacy versus security.