Cyber Crime I – 'Busting An e-Ticket Racket'
I knew that change was near, and that nature of crime was going to be transformed with changing technology. Without any official backing, I started to read about cyber crimes. I then pursued professional courses on the subject and today I am a PhD holder. I was also conferred with the Cyber Cop of the Year (2012) award by Data Security Council of India (DSCI) NASSCOM.
Over the past few years, my interest in cyber crime and financial fraud has brought me many digital crime assignments from central agencies and other government bodies. Recently, I busted a gang of software sellers, who helped railway touts book train tickets within a fraction of seconds. Booking train tickets on the Indian Railways Catering and Tourism Corporation (IRCTC) website generally takes several minutes, even with high-speed Internet connections.
Tracking this multi-crore, pan-India racket was a tough job. The software they used bypassed all the security norms put in place by the Central government website. The agents would merely fill in the details of the passengers and the required train, along with the mode of payment and voila… the tickets were booked. An in-depth analysis of the software showed that it provided proxy IP addresses; bypassed IRCTC captcha and bank OTP; allowed forms autofill; and logins with multiple IDs.
The servers were usually based outside India, allowing the users to fraudulently gain unauthorised access to a computer network in contravention of rules and regulations. These software makers were based out of major metro cities and were connected with agents through different WhatsApp groups. It was thus important for us to penetrate their network.
My team also went undercover and one of our team members posed as a customer to see how an agent booked the ticket. And then we followed the electronic trail. Following the crackdown, IRCTC has introduced multiple security features to their website to keep a check on such bookings. But you can never be sure of a foolproof system.
The nature and magnitude of cyber crimes are changing every day. Last month, I arrested four hackers, who booked tickets online from the website of the UP’s State Road Transport Corporation (UPSRTC) without paying up. We managed to figure their modus operandi before they could cause a bigger damage. We found that they were exploiting the vulnerabilities of the online payment system of the UPSRTC website to book counterfeit e-tickets through a software called ‘Burp Suite’. After procuring these free tickets, they would then sell them on WhatsApp and Facebook groups.
Robbers no longer need to enter a bank with guns to steal money, it can happen with just a click of a button. Here, the robber doesn’t have a face, or any record, all we have is a digital footprint. He or She can operate from any part of the world. Most cyber criminals are young and energetic and eager to learn. They know a bit of scripting.
And with a few sessions of hacking tutorials available on the internet, they are ready for the kill. They are learning something new each day, so cops working on cyber crime, need to hone their skills every day. The digital world comes with its own set of banes. While technology has made our lives hassle-free, it has also opened new avenues for thefts and frauds. From withdrawing money through cloned cards to trading vital information on the web, all this is happening in India. Unfortunately, not many in our law enforcement agencies are skilled enough to tackle such crimes.