Hacker compromises Telangana police's TSCOP app weeks after HawkEye breach

HYDERABAD: In a concerning escalation of cybersecurity issues, the Telangana police face another major breach within weeks. Following the compromise of the HawkEye app, their TSCOP app has also been allegedly infiltrated, exposing personal information of Telangana police.

According to reports, the data from the TSCOP app is already for sale on web forums, allegedly priced at $120. The same hacker responsible for the HawkEye intrusion is behind this security flaw.

Data security researcher Srinivas Kodali from Hyderabad took to 'X' (formerly Twitter) to highlight the issue, stating, "Someone hacked the entire @TelanganaCOPs network, including TSCOP and their facial recognition setup. This was made very easy because WINC IT Services, the company that built the software, hardcoded (embedded passwords as plain text) inside TSCOP, which connects to CCTNS."

The hacker has posted sample data on forums to entice buyers, showcasing details such as offender records, police gun licenses, and other law enforcement information. User information, including officer names, police station affiliations, designations, and images, is now available for purchase online, with hundreds of police officers’ details listed as samples.

Kodali recommended that the Telangana police use longer passwords with a mix of letters, numbers, capitals, and symbols, but emphasized the importance of not hardcoding passwords in apps and suggested using HTTPS instead of HTTP.

Launched in 2018 for internal use by Telangana police, TSCOP was designed to provide instant information to aid in crime-solving and was recognised by the National Crime Records Bureau (NCRB) in 2017 with an award under the Empowering Police with Information Technology category.

A recent data breach involving the HawkEye app used by Telangana police was reported on BreachForums as reported by Cyber Express. Threat actors leaked thousands of emails, phone numbers, SOS calls from women, and other details.

The Telangana State Cyber Security Bureau has launched an investigation under the IT Act. The HawkEye app, launched in 2014, allows reporting violations and crimes against women, featuring an SOS button for emergencies. Leaked data included a woman's complaint about threats from a man who promised marriage, exposing her personal information like name, mobile number, location, and complaint date.

Responding to the hacking, Telangana additional director-general (CID) Shika Goel said, "We have registered a case and are investigating the hacking allegations and suspected breach."