Ever wondered how some travel agents manage to book hundreds of confirmed railway tickets while thousands across the country struggle to get even a single Tatkal ticket on the IRCTC website?
A programmer with Central Bureau of Investigation is alleged to be the mastermind behind one such illicit software which subverted the railways’ reservation system, allowing the agents to book hundreds of Tatkal tickets simultaneously.
The CBI has arrested its assistant programmer Ajay Garg and his front man Anil Gupta, for developing and distributing the software to agents for a price, CBI Spokesperson Abhishek Dayal said on Wednesday, December 27.
Learned the vulnerabilities of IRCTC
Software engineer Garg, 35, joined the CBI in 2012. Earlier, he had served with the IRCTC, which handles the railways’ ticketing system. The CBI probe indicated that Garg learnt the vulnerabilities of the IRCTC ticketing software during his tenure there.
Besides Garg and Gupta, the agency has booked 13 others, including Garg’s family members and travel agents. Garg’s parents, wife, sister and brother-in-law were allegedly instrumental in making collections from travel agents using his software, he said.
The illegal software is much faster
It usually takes 120 seconds to generate a PNR, but the illegal software enabled a user to book multiple Tatkal tickets in much less time.
“These vulnerabilities still exist in the system,” the CBI official said.
How the software works
Garg used a complex chain of Indian and foreign servers, online masking and cryptocurrency to facilitate his operations. Garg’s software enables the user to save all required details to book Tatkal tickets beforehand in the software. With this software, the PNR is generated very fast.
It provides proxy IP addresses, bypassing IRCTC captcha, bypassing bank OTP, form autofill, login with multiple IDs with several pairs with the help of a US-based server, allowing the users to fraudulently gain unauthorised access to the computer network.
The software once installed on the agents’ computers needed a username and password which Garg allegedly changed from time to time to ensure recurring payments
Received money in bitcoins
Through the software, Garg was allegedly able to keep the statement of tickets booked by the agents and charged them on every ticket, in addition to the cost of the software.
The money from the travel agents who booked tickets using his system was collected in bitcoins and through hawala channels to avoid scrutiny.