Menu
Browse

Cyber Threat Actor: Four Teenagers

Actor Type Location Known Incidents
 Icon
Criminal
India
0 incidents
Profile

The threat actor known as the Four Teenagers operated from India, with members identified as young men residing in Delhi and Gurgaon who used the alias “Four Teenagers” in law‑enforcement reporting. The group consisted of three 18‑year‑olds and a slightly older individual, Sunny Nehra, who was described by police as the alleged mastermind and a BTech dropout. According to the investigators, the youths had undergone extensive training in hacking techniques and had established connections with professional hackers based in India, the Netherlands and Indonesia to acquire the necessary skills and tools for their activities.

Their primary focus was the e‑commerce sector, specifically targeting online payment gateways and voucher‑selling platforms that serve Indian consumers, as evidenced by the exploitation of sites such as gyftr.com, MakeMyTrip, Flipkart, Amazon, Dominos Pizza, Myntra and Shoppers Stop. The strategic objective articulated in the case was financial gain, achieved through the digital shoplifting of vouchers worth approximately Rs92 lakh, which were then redeemed for goods and services across multiple online retailers. The group’s tactics involved obtaining counterfeit credit or debit cards using falsified documents, initiating a transaction on the PayU payment gateway, and then pressing the cancel button at the processing page to freeze the transaction flow before altering the payment amount parameter—changing a Rs5,000 voucher request to Re1—allowing the fraudulent payment to proceed. No specific malware families were referenced in the reporting, but the actors employed a specialized hacking suite and a Dell laptop configured with 256 GB of RAM to support their tooling, indicating a reliance on custom software and high‑end hardware for parameter manipulation.

The most publicly documented operation involved the gyftr.com voucher scheme, wherein the fraudsters purchased e‑vouchers, manipulated the payment values, and subsequently used those vouchers to acquire high‑value items such as iPhones and iPads from various e‑commerce portals. Law‑enforcement traced the illicit purchases through device IP addresses, which led them to the Facebook profile of Sunny Nehra and ultimately to a five‑star hotel in Gurgaon where the suspects were apprehended in January 2017. This case was highlighted by Delhi police as the first reported instance of digital shoplifting of this magnitude originating from the national capital.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source