BANGALORE - Chasing a 25-year-old hacker's revelations about online drug deals has thrust Bangalore police into the world of cryptocurrency. In the past year, the police in the IT city have gone from googling what bitcoins are to opening its own bitcoin account, perhaps the first for any police force in India.
When the Central Crime Branch caught Mr G Srikrishna after a long search in Nov 2020 and interrogated him about his alleged drug peddling and hacking of government websites, the computer science graduate reportedly admitted to having hacked bitcoin exchanges as well.
Mr Patil's team had to figure out how he did it.
"I had heard of bitcoins but my knowledge was elementary. We took the help of Indian Institute of Science staff who study cryptocurrency and did our own research, which helped us unearth a lot of crimes done by the accused. Now we are giving presentations to other teams," said Central Crime Branch's Joint Commissioner of Police Sandeep Patil, who is leading the investigation.
India is seeing bitcoins emerge both as a major 21st century asset and a source of cybercrime. The nation will propose a law banning the trade, holding and mining of cryptocurrencies, a senior government official told Reuters last week.
This comes after a similar bill was proposed in 2019 and various calls from officials for their ban. In February the central bank - which in 2018 tried to prohibit banks from dealing in cryptocurrency - reiterated concerns about cryptocurrency's risk to financial stability.
But Finance minister Nirmala Sitharaman told CNBC-TV18 that Indis will take "a calibrated position" instead of an outright ban.
Market watchers, however, said that India does not have the capability to surveil all digital activity necessary to enforce such a ban.
However, the country's under-resourced, overburdened police force is still largely oblivious to cryptocurrency. For instance, one middle-aged policeman who was involved in a case against a bitcoin ATM in Bangalore admitted to wondering what could be illegal about a vending machine for small change.
In 2019, having handled about 45,000 cybercrime offences, the southern state of Karnataka decided to be more prepared. Its capital city of Bangalore tops the country in cybercrime, with over 10,600 cases, 30 of which were drug-related offences on the Dark Web - a network of secret websites that exist on an encrypted network.
"Cryptocurrency started two years back but has gained popularity because of the sudden rise in price of bitcoins. Because it is anonymous, untraceable currency, it's used more and more on the dark web to buy weapons and drugs like cocaine and LSD," said Mr Patil.
Although their first case was in 2018, it was Mr Srikrishna's case that revealed both the range of crimes possible with bitcoins and the procedural obstacles in prosecuting the accused.
The police understood the new form of digital money as shares in a stock exchange, to be traded through a sort of demat account on rates that rise and fall with demand.
Instead of going into the nitty-gritty of blockchain technology that powers bitcoins, the police then wanted to know how a bitcoin account can be opened, manipulated and hacked.
They spent days understanding private and public keys, and how to trade in bitcoin exchanges. Bitcoin hacks occur when a person hacks or discovers the private key, "which is nothing but a password," they understood.
Once they figured out the hacking method, and understood that bitcoin misuse often occurred on the dark web, they faced another hurdle: seizing the illegally acquired bitcoins from the accused.
"Traditionally, we seize stolen cash or cars from the accused, give it to the court, and the court hands it back to the original owner. But here is something that is not physical, and we don't know who the original owner is. So, we thought it necessary to open a bitcoin account so we can seize it as it is," said Mr Patil.
With a new trading account, the Bangalore police seized 900 million rupees (S$16.7 million) in bitcoins from the accused.
"Unlike thieves and dacoits, cyber offenders are tech savvy, educated and sophisticated. To deal with them, our cyber skills have to be on par with them or a step ahead," said Mr Patil.
The bitcoin workshops are an extension of the Karnataka police’s more organised efforts in 2020 to upgrade its cyber vigilance through eight new cyber crime police stations in Bangalore, in addition to one every district, and spent 200 million rupees on equipment and infrastructure.
The state also opened a cybercrime training and research centre in Bangalore in partnership with Infosys Foundation in 2020. Here, not just constables and inspectors, but public prosecutors and court magistrates are also trained in everything from recovering data from water-logged phones to preserving transient digital evidence.
Earlier, the investigators would simply log into an accused person's phone and open messages or emails. This would inadvertently tamper with evidence, like putting external fingerprints on a knife in the scene of crime.
“Now, our police officials know that they must clone a smartphone or laptop for investigation so that the original device and data can be packed away as evidence,” said the Director General of Police Praveen Sood, who helped establish the training centre when he headed the Criminal Investigation Department. Bitcoin is still "an esoteric concept" to most of the force, he added, so while specialised teams master cryptocurrency, "the majority will be trained in more popular digital tools."
The most rampant cyber crimes in India are credit and debit card fraud, followed by email extortion, fake online lotteries and online shopping scams. Complaints are few, Mr Sood said, because “individual amounts lost are small” or the victim is embarrassed about having shared their password or pin with a crook.
In Mar 2020, a Bangalore woman stole bitcoins worth 36 million rupees from her former employer, owner of cryptocurrency exchange firm BitCipher Labs, using the password he had written on a piece of paper. She admitted to the crime and transferred the bitcoins back. "The police quickly resolved the case because they had known what to look for," said a senior police officer.
Learning to decipher IP addresses, seize bitcoins and save digital evidence is helping the police not only idenitfy more cyber crimes but also crack many conventional crimes, as even solving "rape, murder, and financial fraud involves technological inputs," said Mr Sood.