Railway police bust multi-crore tatkal ticket booking scam
Ever wondered how the railway ‘tatkal’ ticket booking gets exhausted within a couple of minutes of logging in to the IRCTC portal? Railway authorities found an answer to this recently.
The Railway Protection Force (RPF) earlier this month busted a racket where touts used a special software to bypass the IRCTC website and book tickets illegally.
RPF launched ‘operation thunder’ in June last year to nab ticket touts. During the operation, police raided several railway agent booking centres and arrested close to 400 touts across 200 odd cities.
While the task force arrested a few sleuths here and there, they were unable to nab the main culprit, Hamid Ashraf, the developer from Basti district in Uttar Pradesh, who is learnt to have fled the country. However, with the arrest of Ghulam Mustafa, a software developer from Jharkhand, on January 19 in Bhubaneshwar, the RPF busted the multi-crore ticket booking scam, which used a software called ‘ANMS’ to book tickets illegally.
Modus operandi
RPF officials said Mustafa, a resident of Bangalore began touting counter tickets in 2015. He later started selling software. The accused during interrogation said his software business was spread across the Middle-East, Pakistan and Bangladesh. While software distribution was systematic with a top down administration, the developers had lead sellers who would sell the software to a smaller agent. They also rented out software to agents across the country on a monthly-basis through WhatsApp. Officials say, the ANMS software had the ability to book tickets at a faster speed compared to the IRCTC website, by bypassing captcha and bank OTP.
Also read: Kerala train users can’t digest BJP’s parotta politics
The team generated a revenue of ₹10-15 crore a month, according to a PTI report.
At the time of his arrest, Mustafa had 563 personal IRCTC accounts, a list of 2,400 SBI branches and about 600 regional rural bank branches through which he operated.
The mastermind
“Mustafa was just one of the many who sold software to agents. The main accused in the case is one Hamid Ashraf, the developer from Basti district in Uttar Pradesh. He is suspected to be involved in money laundering, hawala transactions and terror funding,” Arun Kumar, DG of RPF said. Kumar noted that the group laundered money through bitcoins and crypto-currencies.
A PTI report quoted Kumar as saying Ashraf was suspected to be involved in the bombing of a Gonda school in Uttar Pradesh in 2019. This was a month after the police cracked down on several ticket booking centres under ‘operation thunder plan’.
According to reports, Ashraf was arrested in 2016 in Gonda in Uttar Pradesh in a ticketing scam. However, after getting bail from the local court, he is believed to have fled to Dubai via Nepal.
Also read: Late, but just in time: Centre’s plan to hike train fares is need of the hour
In May 2018, RPF had cracked down on a Mumbai-based agent named Salman Khan who used a similar software ‘Counter V2’ at a monthly rental of ₹5,000 per month. Khan revealed that a network of 5,400 agents used the software and operated across the country.
Kumar told that both the cases were related and they are looking to crackdown on similar software available in the dark net.
The officials had then said the software used optical correction recognition, where it bypassed the IRCTC captcha and the options for bank OTP, to generate tickets. While for a general user it took one to two minutes to fill out the details, the software users were able to do multiple entries with auto-fill feature in fraction of seconds. The software, they say, allowed 500 different IP addresses on a single user machine.
After the police crackdown, Ashraf seems to have messaged the DG detailing him about the security loopholes in the IRCTC portal.
Also read: Why private players in Indian Railways could be a game changer
He has even instructed IRCTC to build its own security system and write its own code for Centre for Railway Information Systems (CRIS) to prevent other software from bypassing its security features.
(With inputs from PTI)