Cyber Crime I
LOK ISSUES
LOK ISSUES

Cyber Crime Stories – 'Busting An e-Ticket Racket'

Cyber Crime I

I knew that change was near, and that nature of crime was going to be transformed with changing technology. Without any official backing, I started to read about cyber crimes. I then pursued professional courses on the subject and today I am a PhD holder. I was also conferred with the Cyber Cop of the Year (2012) award by Data Security Council of India (DSCI) NASSCOM.

Over the past few years, my interest in cyber crime and financial fraud has brought me many digital crime assignments from central agencies and other government bodies. Recently, I busted a gang of software sellers, who helped railway touts book train tickets within a fraction of seconds. Booking train tickets on the Indian Railways Catering and Tourism Corporation (IRCTC) website generally takes several minutes, even with high-speed Internet connections.

Tracking this multi-crore, pan-India racket was a tough job. The software they used bypassed all the security norms put in place by the Central government website. The agents would merely fill in the details of the passengers and the required train, along with the mode of payment and voila… the tickets were booked. An in-depth analysis of the software showed that it provided proxy IP addresses; bypassed IRCTC captcha and bank OTP; allowed forms autofill; and logins with multiple IDs.

The servers were usually based outside India, allowing the users to fraudulently gain unauthorised access to a computer network in contravention of rules and regulations. These software makers were based out of major metro cities and were connected with agents through different WhatsApp groups. It was thus important for us to penetrate their network.

My team also went undercover and one of our team members posed as a customer to see how an agent booked the ticket. And then we followed the electronic trail. Following the crackdown, IRCTC has introduced multiple security features to their website to keep a check on such bookings. But you can never be sure of a foolproof system.

The nature and magnitude of cyber crimes are changing every day. Last month, I arrested four hackers, who booked tickets online from the website of the UP’s State Road Transport Corporation (UPSRTC) without paying up. We managed to figure their modus operandi before they could cause a bigger damage. We found that they were exploiting the vulnerabilities of the online payment system of the UPSRTC website to book counterfeit e-tickets through a software called ‘Burp Suite’. After procuring these free tickets, they would then sell them on WhatsApp and Facebook groups.

Robbers no longer need to enter a bank with guns to steal money, it can happen with just a click of a button. Here, the robber doesn’t have a face, or any record, all we have is a digital footprint. He or She can operate from any part of the world. Most cyber criminals are young and energetic and eager to learn. They know a bit of scripting.

And with a few sessions of hacking tutorials available on the internet, they are ready for the kill. They are learning something new each day, so cops working on cyber crime, need to hone their skills every day. The digital world comes with its own set of banes. While technology has made our lives hassle-free, it has also opened new avenues for thefts and frauds. From withdrawing money through cloned cards to trading vital information on the web, all this is happening in India. Unfortunately, not many in our law enforcement agencies are skilled enough to tackle such crimes.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are essential in order to enable you to move around the website and use its features. Without these cookies basic services cannot be provided.

Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.
  • PHPSESSID

Used on sites built with Wordpress. Tests whether or not the browser has cookies enabled
  • wordpress_test_cookie

In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

Decline all Services
Accept all Services
0
Would love your thoughts, please comment.x
()
x