Pay me Rs 2L/month, I’ll fix railway systems, scamster tells RPF | India News
The main accused, Hamid Ashraf, who is in Dubai, has claimed that nabbing him or some people won’t put an end to such rackets as others can develop similar ‘illegal’ software and use them by taking advantage of the security loopholes in the IRCTC’s system.
RPF is working on a strategy to catch Ashraf, after the recent arrest of another key player in this racket Ghulam Mustafa. Ashraf had fled the country after jumping bail in 2016. He was arrested in a similar rail e-ticketing fraud when he was in Class XII.
In a series of WhatsApp broadcasts, Ashraf claimed that he had repeatedly flagged loopholes in the IT security system developed by government-owned Centre for Railway Information Systems (CRIS), which IRCTC uses for ticketing. “The agencies did not take measures to plug the loopholes and so how can you hold me responsible? People did not pay heed to the details I had shared with them; all of them thought I was mad,” he said in the text messages addressed to RPF director general Arun Kumar.
From the messages, it appeared that Ashraf reached out to RPF DG after his press conference where he said that the money was suspected to be used for terror financing. “If you give interviews to TV channels like this, no one will marry me,” he said.
Pointing out that the government agencies were unable to fix “such a security issue” even after he shared details through “more than 500 emails and WhatApp messages”, he said this had raised serious questions about their ability to deal with critical cyber security issues.
“We are concerned about any lapses that can be exploited by criminals and anti-national elements. We have been flagging this issue and have urged the departments concerned to take measures,” an official said.
In his messages, Ashraf, who is believed to have been trained by an IT expert, has offered help to the railways, IRCTC and CRIS to secure the system. “Give me a chance, I will secure the IRCTC system and CRIS. Arresting me won’t help as there will be 10 more to come out with such software… I am not guilty or wrong so I am posting these details,” he said. The accused even went to the extent of saying that the railways can hire him at Rs 2 lakh monthly salary as an ‘ethical’ hacker as IT giants do.
Claiming that he has deactivated and withdrawn the illegal software that he had sold to many, he said, “I want this tension to end so that I can enjoy my life with my girlfriend…Sir, please bachha ko maaf kardijiye. Life mein dubara railways ke software nehin banaoonga. (Please excuse me for this. I will never develop any such software for railways).”
The accused listed out several steps that the railways, IRCTC and CRIS could take to ensure that none can bypass IT security system.
“You allow two tickets in a day per IP address. Similarly why don’t you fix only one IRCTC ID that can be logged on to the system per IP address. People log into the system with 50 IRCTC IDs generated from one IP address and until you address this, common people will keep suffering,” Ashraf said.
On in the issue of bypassing of Captcha and OTP, he claimed that he had sent the details about the bug used for this to banks and IRCTC.