Imran Chimpa has told cops he got the server username and password from a friend and had no idea his actions were illegal
ADVERTISEMENT
The 24-year-old at the centre of the sensational Jio hacking drama, last week, has told the police that all he had wanted to do was make a quick buck by creating a directory search engine of Jio users. Imran Chimpa alias Pintoo, a resident of Sujangarh, Rajasthan, claimed he had no idea that his access to the Jio server was illegal, and was shocked when the cops landed at his doorstep.
Following preliminary investigations, the Navi Mumbai police had termed the breach a cyber offence, and not data theft, as no Aadhaar or PAN card details were accessed. They have not, however, given a clean chit on data theft. Deputy Commissioner of Police (Crime) Tushar Doshi said, "As the FIR has already been lodged for data theft, we will probe that charge from all angles and will inform the court accordingly if we do not come across evidence to prove the charges."
Server details from 'friend'
Chimpa has told the police that he had got the username and password to the server from a friend who lives in Bihar. DCP Doshi said, "We have got some leads about where Chimpa managed to procure the username and password. We will be sending a team to question the person he has named."
A senior police officer, who did not wish to be identified, said, "Chimpa hails from a lower middleclass family and had recently appeared for his Masters in Computer Application. He was waiting for his results."
DCP Doshi said, "Chimpa has been cooperating with the investigating officers and, prima facie, we have found nothing to establish data theft. However, we will corroborate all that he has told us with the server that he was using. Also, his laptop has been seized and will be sent for forensic analysis to extract clues," Doshi said.
A crime branch officer said, "Our inquiries have so far revealed that retailers have been provided minimal access for verifying a customer's identity through UIDAI. Also, no Aadhar or PAN information has been accessed, but details will emerge only after we finish questioning the accused."
All bailable offences
Advocate Pavan Duggal, a Supreme Court lawyer and cyber law expert, said, "Until the amendment was made to the Information Technology Act in 2008, most of the offences under the IT act were non-bailable, but now most sections under the act are bailable."
He said, "In the current case, the accused had managed to get unauthorised access to data, and thereby has committed a cyber offence punishable under sections 43 and 66 of the IT Act. The quantum of punishment is three years imprisonment and a fine of R5 lakh."
"However, the police have a challenge on their hands collecting electronic evidence to establish when the unauthorised access took place, what device was used, etc. This evidence needs to be preserved and submitted to the court during the trial," Duggal said.
He added, "The conviction rate in cyber crime cases is abysmal. The first cyber offence was registered in 2003 and until today, almost 14 years later, the number of cases registered yearly has gone to thousands, but there is still massive underreporting of cyber crime cases."