Fraudulent Online Share Transactions By Hacking

Certain unknown persons executed fraudulent trade by selling a call option of 5500 shares of BEL Ltd. in the trading code of CM01 allotted by the broker M/s CMA Securities Pvt. Ltd. in the name of Shri M. K. Chopra. This trading had been done by using User ID and password provided to their client M/s. Sanvyy Shares Traders Pvt. Ltd based in Dwarka [...] Certain unknown persons executed fraudulent trade by selling a call option of 5500 shares of BEL Ltd. in the trading code of CM01 allotted by the broker M/s CMA Securities Pvt. Ltd. in the name of Shri M. K. Chopra. This trading had been done by using User ID and password provided to their client M/s. Sanvyy Shares Traders Pvt. Ltd based in Dwarka. M/s CMA Securities Pvt. Ltd. is a registered broker of National Stock Exchange Ltd.

The director of M/s CMA Securities Pvt. Ltd. lodged a complaint with the police and based on the complaint a FIR was registered and investigation was taken up by the Cyber Crime Section of Economic Offences Wing of Delhi Police because the case pertains to online fraudulent transactions.

The system log of Sanvyy shares was examined and the same revealed that on the day of the transaction i.e. on 27.06.2005, the NSE network was never logged on from M/s Sanvyy Shares. In fact their network was down with effect from 24/06/2005 due to a hardware failure. It was evident that someone had done the above trading from some other system using the complainant UserID and Password. The said shares had a strike price of Rs 600 per share with the market price of Rs. 715 per share. With the call option of Rs 115 per share someone, on behalf of CMA Securities had simply dumped all the shares to a buyer @ Rs 2 per share. The total loss involved was Rs 6.15 lacs, in the complete transaction.

The information collected from the National Stock Exchange disclosed that the said call options were purchased by one Siddarth Basu in the name of Debnath Basu through another registered NSE broker M/s India Shareline Securities Ltd. The members connect to the trading system of the exchange through X.25 connectivity and IP address was not captured by the trading system of the exchange. In fact, the software provided by the NSE & Financial Technologies to the brokers did not provide for capturing of IP Addresses. The matter was taken up with NSE who thereafter issued the instructions to include IP monitoring & capturing in the programmes provided to the brokers by the software companies authorised by the NSE.

A detailed analysis of the systems installed at the office of the complainant was conducted. It was found that the licensed trader was connected through a computer to computer link (CTCL) trading facility with the licensed Trading Member. This CTCL terminal first connected to the CTCL Server of the Trading Member, in this case the complainant, and order were then routed to the trading system of the National Stock Exchange (NSE). The user id and the password used to access the CTCL server of the Trading Member which was connected to the trading system of the NSE, were maintained and validated by the trading members. The member connected to the trading system of the exchange through X.25 connectivity and IP address was not captured by the trading system of the exchange. A software called Neat XS was provided by the National Stock Exchange to all its Trading Members for carrying on the transactions.

The CTCL server of the complainant was installed behind a firewall server for protection. As the trading member and client connectivity was a closed private network, the fraudulent transactions could only have been done by a person who knew how to bypass the firewall server to access the CTCL server. An analysis of the log of the firewall server revealed that it was being emailed at fixed intervals to a rediff mail ID. The configuration of the firewall server also revealed the presence of unallotted IP addresses which could be used to access the CTCL server.

Information sought by investigating agency from Rediff mail revealed that the Mail ID to which the logs were being sent belonged to one Sahil Saini, the system administrator who had designed and installed the firewall system. Investigation revealed that the User_ID, Password and software were provided by Sahil who passed it on to his associates and friends Manoj Sharma and Siddarth Basu. Thereafter, the accused persons in a planned conspiracy, executed the sale of 5,500 shares of BEL Ltd. in the trading code of CM01, belonging to the complainant, using the stolen user_ID and Password.

The accused Siddarth Basu age 25 years s/o Debnath Basu R/o H. No. 221, Gali No. 3, JB Colony, Modi Nagar & Sahil Saini age 24 years, r/o D-321, Mukherjee Nagar, Delhi and co-accused Manoj Sharma have been arrested. Sahil Saini holds a diploma in software design and hardware maintenance and was working as a system designer and administrator in a computer firm M/s Elegant Systems based at Karol Bagh. Sahil Saini on behalf of M/s Elegant Systems had designed and installed the network as well as the firewall at M/s CMA Securities. Siddarth Basu holds a diploma in data processing and was working at Kandpal Securities, Connaught Place, as a computer operator. Siddarth Basu disclosed to the police that the fraudulent transaction involving sale of 5,500 shares of BEL Ltd. has been executed from a Cyber Cafe at Modi Nagar and the purchase transaction was carried out from a Cyber Cafe at K.G. Marg, Delhi. The CPU configured to execute the fraudulent transactions has been recovered from the residence of the accused.

Investigation has established that the above accused persons in pursuance of criminal conspiracy have executed the fake transactions of sell of 5500 shares of BELL Ltd. from the account of Shri M. K. Chopra and correspondingly buy the same causing wrongful loss to the complainant and corresponding gain to themselves. The chargesheet has been filed against the aforesaid accused persons and trial is on.

Neeraj Aarora(Advocate)