
CBI techie nabbed over software that hacks Railways Tatkal ticket system

  How do some travel agents manage to book confirmed railway tickets under Tatkal category, while thousands of passengers make unsuccessful bids on their computers or at reservation counters?

Well, it seems it is all programmed.
A software programmer of the anti-corruption agency CBI is alleged to be the brain behind one such illicit software which subverted the Railways reservation system, allowing the agents to book hundreds of Tatkal tickets at a single click of the mouse, officials said on Wednesday in New Delhi.  

The Central Bureau of Investigation (CBI) has arrested its assistant programmer Ajay Garg and his front, Anil Gupta, for developing and distributing the software to agents for a price, agency spokesperson Abhishek Dayal said.
Besides Garg and Gupta, the agency has booked 13 others, including Garg's family members and travel agents.

Garg's parents, wife, sister, and brother-in-law were allegedly instrumental in making collections from travel agents using his software, it said.
The money from the travel agents who booked tickets using his system was collected in bitcoins and through hawala channels to avoid scrutiny, he said, adding that 10 agents -- seven from Jaunpur and three from Mumbai -- have been identified in this connection so far.

"The case is in line with our policy of having a robust internal mechanism of ensuring probity and having a zero tolerance towards corruption," CBI Director Alok Verma said.
Ticket bookings under the Tatkal quota open at 10 am for AC classes and 11 am for non-AC coaches for trains departing the next day. Under the quota, a fixed number of seats in each coach are sold at a premium by the railways to travellers who need tickets urgently.

A common complaint of passengers is that by the time they enter details on the IRCTC website or complete the booking process, seats under the Tatkal quota get full within minutes of the start of booking. Their bookings are either rejected or they get a wait-listed ticket, that too at a very steep price.
Some travel agents offer to provide confirmed tickets under the quota by charging a premium over and above Railways' prices.

The arrest of Garg and Gupta has exposed the alleged software trickery used by them to exploit the vulnerabilities of IRCTC ticket booking system, they said.
Thirty-five-year-old software engineer Garg joined the CBI in 2012 through a selection process and has been working as an assistant programmer. Earlier, between 2007 and 2011, he had served with IRCTC, which handles the ticketing system of the railways.

The CBI probe so far has indicated that Garg learned of the vulnerabilities in the IRCTC ticketing software during his tenure there and exploited them in his software, they said.
"These vulnerabilities still exist in the IRCTC system, that is why his software was able to dodge it for booking tickets of hundreds of passengers at one go," an official said.

These tickets were genuine and the payments of the tickets went to the Railways, they said.
Garg, who is alleged to be the mastermind, acted in the background, while his front, Gupta, distributed the software to travel agents and collected money on his behalf.

"Use of such software is illegal as per rules and regulations of IRCTC and also under the Railways Act. It was also alleged that the accused was collecting money for the use of such software by certain booking agents and had amassed huge wealth from these activities," Dayal said.

The CBI has carried out searches at 14 locations in Delhi, Mumbai, and Jaunpur during which it recovered Rs 89.42 lakh in cash, gold jewellery valued at Rs 61.29 lakh, 15 laptops, 15 hard disks, 52 mobile phones, 24 SIM cards, 10 notebooks, six routers, four dongles and 19 pen drives, Dayal said.
Through the software, Garg was allegedly able to keep a statement of the tickets booked by the agents and charged them for every ticket, in addition to the cost of the software.

Once installed on the agents' computers, the software needed a username and password which Garg allegedly changed from time to time to ensure recurring payments, they said.

Garg used a complex chain of Indian and foreign servers, online masking and cryptocurrency to facilitate his operations, the officials said, adding that his luck ran out after the agency received source information about his operations.
He was kept under surveillance before being arrested after a late night operation by the agency. While Garg was arrested in New Delhi, Gupta was nabbed from Jaunpur.

"...it usually takes 120 seconds in normal course for generation of a single PNR but this illegal software enables the user to book multiple Tatkal tickets online in much less time," the CBI FIR alleged.

It said the software lets the user save all the details required to book Tatkal tickets beforehand; these are automatically filled in on the IRCTC portal as soon as Tatkal booking starts, and the PNR is generated very fast.

The software provides proxy IP addresses, IRCTC captcha bypass, bank OTP bypass, form autofill and login with multiple IDs with several pairs with the help of a US-based server, allowing users to fraudulently gain unauthorised access to the computer network in contravention of rules and regulations.

"As number of seats available are limited, the use of this illicit software denies the genuine and authorised passenger a fair access to the IRCTC server to get confirmed Tatkal tickets," it alleged.
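A server-side check for the behaviour the FIR describes, as an added example that is not part of the original report or of any IRCTC system: it flags bookings whose time from opening the form to PNR generation is far below the roughly 120 seconds the FIR cites for a manual booking, and accounts that produce several PNRs inside that span. The log format, the field names and the 30-second cut-off are assumptions, and the sample lines are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

MANUAL_BASELINE_S = 120  # FIR: one PNR normally takes about 120 seconds
MIN_PLAUSIBLE_S = 30     # assumed cut-off for a hand-typed booking; tune on real traffic

# Constructed sample log (assumed format): user_id,form_opened,pnr_generated
SAMPLE_LOG = """\
user_id,form_opened,pnr_generated
u1001,2024-01-10T10:00:02,2024-01-10T10:02:05
agentA,2024-01-10T10:00:00,2024-01-10T10:00:06
agentA,2024-01-10T10:00:01,2024-01-10T10:00:08
agentA,2024-01-10T10:00:01,2024-01-10T10:00:09
u1002,2024-01-10T10:00:05,2024-01-10T10:01:50
agentB,2024-01-10T11:00:00,2024-01-10T11:00:12
"""

def parse_bookings(text):
    """Return (user_id, form_opened, pnr_generated) tuples from the CSV log."""
    return [
        (r["user_id"],
         datetime.fromisoformat(r["form_opened"]),
         datetime.fromisoformat(r["pnr_generated"]))
        for r in csv.DictReader(io.StringIO(text))
    ]

def flag_fast_bookings(rows, min_seconds=MIN_PLAUSIBLE_S):
    """Bookings completed faster than a person could fill in the form."""
    timed = [(user, (done - opened).total_seconds()) for user, opened, done in rows]
    return [(user, secs) for user, secs in timed if secs < min_seconds]

def flag_burst_accounts(rows, window_s=MANUAL_BASELINE_S, max_pnrs=1):
    """Accounts with more than max_pnrs PNRs inside one manual-booking window."""
    by_user = defaultdict(list)
    for user, _, done in rows:
        by_user[user].append(done)
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most window_s.
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best > max_pnrs:
            flagged[user] = best
    return flagged
```

Since the FIR says the tool logs in with multiple IDs through proxy IP addresses, the per-booking timing check is the sturdier of the two signals; per-account counts alone miss bookings spread across many IDs.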

