JOIN USSriki, aide had resources to hack crypto exchanges: hard disk analysis
The police have said that the claims made by hacker Srikrishna alias Sriki are “unsubstantiated”.
But an analysis of the mirror image of the hard disk seized from him and his associate Robin Khandelwal reveals that they had technical resources needed to infiltrate cryptocurrency websites.
Forensic analysis of the disk showed that it contained data on the scripts used by the hacker for the purpose.
In one hard disk, forensic analysts were able to find files related to a cryptocurrency exchange ‘coineal,’ which is a “secure cryptocurrency exchange” that provides “advanced services for buying, selling and transferring” crypto assets, according to the company’s website.
The findings are part of a charge sheet filed by the police before the first additional chief metropolitan magistrate in connection with a case filed by Pacific Gaming Limited against Sriki on December 23, 2020.
“The said hard disk was found to contain file related to cryptocurrency website ‘coineal’ (sic),” the report submitted on January 7 by Group Cyber ID Technology Pvt Ltd said. This company was roped in by the police for forensic examination.
Analysis of the disk was conducted to ascertain whether ‘pokersaint’ and ‘casino143’ websites were hacked by the accused.
The disk also contained data on the hacking of the said websites, along with “scripts for hacked websites and bitcoin”.
Analysis of other devices of Sriki, Robin and Sunish Hegde (another accused) revealed that they contained “transaction screenshots and emails establishing communication between Robin, Sriki and Hegde regarding cryptocurrency exchange.”
This inference was made by Group Cyber ID Technology Pvt Ltd, while submitting a second report on the seized devices on January 15, 2021.
Data challenges?
Even cyber experts were unable to recover files from a hard disk named ‘Robin’s Mac’ seized from Sriki and Robin.
“The exhibit hard disk marked ‘03’ was found to be formatted with HFS+file system which is said to be containing the disk image of ‘Robin’s Mac’ protected with FileVault Encryption for which the password is not known. Hence, no data related to hacking, cryptocurrency exchange and money laundering could be analysed,” an examination of devices by Group Cyber ID Technology Pvt Ltd said.