Railway e-ticket scamster exposes IRCTC's lax security system
24 January 2020
The mastermind behind the railway e-ticketing scam, Hamid Ashraf, has listed out information on 25 things which allegedly expose lax security of Indian Railway’s catering and ticketing arm IRCTC.
Ansari, who is also being hunted by IB, NIA and RAW, is also reported to have written a sensational message to the DG of Railway Protection Force (RPF). Zee news, quoting the DG of RPF, Arun Kumar, confirmed that he has received such a message and that the authenticity of the message is being investigated.
In the message, Hamid Ashraf is reported to have written that the illegal railway e-ticketing software, called ANMS, will be closed forever on 25 January 2020, along with the security loopholes of IRCTC portal because unlike Facebook and Google, IRCTC does not have its own security system.
He also challenged the DG if the IRCTC would be able to stop the sale of other illegal software after ANMS is shut down.
Hamid urged Kumar to fix IRCTC's security system which would help ordinary people to book tickets. He suggested that one user should be permitted on one IP address.
Hamid also offered to work with the security team of IRCTC and asked for a salary of Rs 2 lakh.
He also suggested that the anti-dumping method should be used which will not allow the IOS and Android software to crack and that ports scanning system will prevent IRCTC from going into bad traffic. He instructed that IRCTC should have its own security system and upload codes on CRIS that will prevent other software from working and create a new black e-ticketing record.
The message also said that the railway system is quite old, which they will understand after 10 years, India needs a cyber army and how ready are the railways for it.
He informed that he had alerted CRIS about the shortcomings of IRCTC several times, but not much attention was given. In the end, he admitted his mistake, he said he will not tamper with the railway software again.
He informed the police that he was with his girlfriend and that he was happy with his life.
The e-ticketing racket was busted by the RPF on January 21 it was investigated to have its roots in Dubai, Pakistan and Bangladesh. The racket is suspected to have generated revenue of Rs10-15 crore per month, according to Kumar.
The kingpin of the scam, Hamid Ashraf is a resident of Basti district in Uttar Pradesh, and is currently based in Dubai and believed to be operating the fake e-ticketing racket from there. He had been earlier arrested by the CBI.
Hamid, who is also a software developer, is alleged to be involved in the bombing of a Gonda school in 2019, he added.