Business Standard

CBI techie nabbed over software that hacks Railways Tatkal ticket system

A CBI programmer is alleged to be the brains behind an illicit software that allows travel agents to book hundreds of Tatkal tickets with a single click of the mouse

Indian Railways

.

Press Trust of India New Delhi
How do some travel agents manage to book confirmed railway tickets under Tatkal category, while thousands of passengers make unsuccessful bids on their computers or at reservation counters? 

Well, it seems it is all programmed.

A software programmer of the anti-corruption agency CBI is alleged to be the brain behind one such illicit software which subverted the Railways reservation system, allowing the agents to book hundreds of Tatkal tickets at a single click of the mouse, officials said on Wednesday in New Delhi.  

The Central Bureau of Investigation (CBI) has arrested its assistant programmer Ajay Garg and his front, Anil Gupta, for developing and distributing the software to agents for a price, agency spokesperson Abhishek Dayal said.
 
Besides Garg and Gupta, the agency has booked 13 others, including Garg's family members and travel agents.

Garg's parents, wife, sister, and brother-in-law were allegedly instrumental in making collections from travel agents using his software, it said.

The money from the travel agents who booked tickets using his system was collected in bitcoins and through hawala channels to avoid scrutiny, he said, adding that 10 agents -- seven from Jaunpur and three from Mumbai -- have been identified in this connection so far.

"The case is in line with our policy of having a robust internal mechanism of ensuring probity and having a zero tolerance towards corruption," CBI Director Alok Verma said.

The ticket bookings under Tatkal quota open at 10 am for AC class and 11 am for non-AC coaches for the trains departing next day. Under the quota, a fixed number of seats, in each coach, are sold at a premium by the railways to travellers who need tickets urgently.

A common complaint of passengers is that by the time they enter details on the IRCTC website or complete the booking process, seats under the Tatkal quota get full within minutes of the start of booking. Their bookings are either rejected or they get a wait-listed ticket, that too at a very steep price.

Some travel agents offer to provide confirmed tickets under the quota by charging a premium over and above Railways' prices.

The arrest of Garg and Gupta has exposed the alleged software trickery used by them to exploit the vulnerabilities of IRCTC ticket booking system, they said.

Thirty-five-year-old software engineer Garg had joined the CBI in 2012 through a selection process and has been working as an assistant programmer. Earlier, he had served with IRCTC, which handles ticketing system of the railways, between 2007 and 2011.

The CBI probe so far has indicated that Garg learned the vulnerabilities of the IRCTC ticketing software during his tenure there which he exploited in his software, they said.

"These vulnerabilities still exist in the IRCTC system that is why his software was able to dodge it for booking tickets of hundreds of passengers at one go," an official said.

These tickets were genuine and the payments of the tickets went to the Railways, they said.

Garg, who is alleged to be the mastermind, acted in the background, while his front, Gupta, distributed the software to travel agents and collected money on his behalf.

"Use of such software is illegal as per rules and regulations of IRCTC and also under the Railways Act. It was also alleged that the accused was collecting money for the use of such software by certain booking agents and had amassed huge wealth from these activities," Dayal said.

The CBI has carried out searches at 14 locations in Delhi, Mumbai, and Jaunpur during which it recovered Rs 89.42 lakh in cash, gold jewellery valued at Rs 61.29 lakh, 15 laptops, 15 hard disks, 52 mobile phones, 24 SIM cards, 10 notebooks, six routers, four dongles and 19 pen drives, Dayal said.

Through the software, Garg was allegedly able to keep statement of tickets booked by the agents and charged them on every ticket, in addition to the cost of the software.

Once installed on the agents' computers, the software needed a username and password which Garg allegedly changed from time to time to ensure recurring payments, they said.

Garg used a complex chain of Indian and foreign servers, online masking and cryptocurrency to facilitate his operations, the officials said, adding that his luck ran out after the agency received source information about his operations.

He was kept under surveillance before being arrested after a late night operation by the agency. While Garg was arrested in New Delhi, Gupta was nabbed from Jaunpur. 

"...it usually takes 120 seconds in normal course for generation of a single PNR but this illegal software enables the user to book multiple Tatkal tickets online in much less time," the CBI FIR alleged.

It said the software enables the user to save all required details to book Tatkal tickets beforehand in the software which are automatically filled-in the IRCTC portal as soon as Tatkal booking starts and PNR is generated very fast.

The software provides proxy IP addresses, bypassing IRCTC captcha, bypassing bank OTP, form autofill, login with multiple IDs with several pairs with the help of US-based server, allowing the users to fraudulently gain unauthorised access to computer network in contravention of rules and regulations.

"As number of seats available are limited, the use of this illicit software denies the genuine and authorised passenger a fair access to the IRCTC server to get confirmed Tatkal tickets," it alleged.

Garg and Gupta have been sent to five-day CBI custody by a court.

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Dec 28 2017 | 9:19 AM IST

Explore News