IRCTC fraud is an exhibition of Technology Intoxication

Recently, a case was reported from Lucknow where one person by name Hamid Ashraf from a place called Basti, in UP was arrested for running a franchise chain of over 500 franchisees across the country who were indulged in cheating the IRCTC systems and the public in making Tatkal bookings through the IRCTC website.

I congratulate the Police in Bangalore who raised the alarm and took it to CBI and with the assistance of the UP police, the criminal was nabbed.

I would like to see that the 500 franchisees are also arrested and proceeded against since all of them are guilty of the conspiracy.

I understand from the above video that Hamid had put more than Rs 50 lakhs in his account at ICICI Bank. I therefore consider that the officials of ICICI Bank were aware that this person had amassed wealth much beyond his known means as it is stated that he is just 18 years old, studies in 12th class and lives in a shandy house. How did the Bank not recognize that there was some illegal activity going on in this house and the money deposited was “Money laundered” as per the definition of AML provisions?

How did the IRCTC miss the fact that the IP address from which the Tatkal bookings happened were coming from a single source day after day. I am sure that ultimately it was the log record at IRCTC that led to this person but why not earlier?

I therefore cannot absolve IRCTC from its gross negligence in letting such frauds happen for a prolonged period.

I had some time back indicated that in the case of Abhinav Srivatsava, where Aadhaar system was alleged to have been hacked, had highlighted the fraud possibility months in advance and UIDAI had not got the hint. Earlier there was also the case of the fraudulent website where also the fraud thrived for nearly three years even after had pointed out the fraud.

In all these cases several intermediaries may be faulted for not taking early preventive action which could have prevented the fraud. By the operation of Section 79 and Section 85 of ITA 2000/8 they may be held liable by the victims and the prosecution for civil and criminal penalties.

In the case of IRCTC also, there is a similar issue. It was on August 25, 2010, that is eight years ago that I had posted the following in my blog:

IRCTC to bar Online booking by Agents

Aug 25: After frequent complaints from individuals about the difficulties in Tatkal booking because of block bookings by agents, Railways appears to have taken steps to ban the agents from online booking for a period of one hour from 8.00 am to 9.00 am. Ref: report

In the light of the revelations about the use of “User end Scripts” to automate the bookings and breaking of Captcha, it has become evident that the system is being abused significantly. Common men were disillusioned of late with the online bookings particularly for Tatkal booking and would welcome this move whole heartedly. At the same time IRCTC needs to tighten the security to disable user end scripts and also black list the user accounts of those who use the automated scripts. They should also retain the option to cancel the booked tickets without refunds where they can record proper evidence on such wrongful use. Since technically any use of scripts such as available at Vrarun Kumar’s blog is illegal  (Offence under Section 66 of ITA 2008),  the penalty of losing the booking is a necessary measure that IRCTC should take.

It is also reported that the Railways may start an alternate online booking site to remove the monopoly of IRCTC. Report  The additional booking facility is likely to be introduced through

In this article, I had also quoted a blog shown below

After I had pointed this out and after one TOI reporter from Chennai contacted this techie, he removed the blog post. At that time no complaint had been filed and it appeared that the Techie had no malicious intentions and taken reasonable prompt action to remove the content on the potential offence having been brought to his notice. The TOI reporter was also responsible and did not sensationalize the issue. Otherwise it would have killed the career of a techie who was ignorant of Cyber Laws and acted just like what other techies always do.

I have called this tendency to show off the Tech Skills as “Technology Intoxication” which needs to be controlled. We see similar rebellious tendency when techies support Crypto Coins and post hacking tools in public or trade viruses in the underground.

The entire “Dark Web” is a compendium of such techies who unmindful of the damage they are doing to the society try to display their vulgar tech skills for others to exploit.

In the present case of Hamid Ashraf, he may or may not be technically qualified to develop the software. It is possible that he might have picked up this software from the dark web or other sources. We need to investigate this and try to eliminate the root.

I seriously urge the Police to take penal action on all the franchisees who made illegal money so that it would be a deterrent to others who use dark web tools to make money. Police should also question the Bank on why they allowed the money laundering and did not recognize that balance in the account was far above the known resources of the customer. The Income Tax authorities need to question themselves, why they were not able to trace the anamoly of a Rs 50 lakh Bank account by a 12th standard boy living in a modest hut.

Unless as a society we donot raise ourselves and be watchdogs, we cannot make progress in the country.

Now I have raised this issue here today and brought it to the notice of many Police officials also.

But will this case be pursued further to the logical end? or Will it be buried?

Will the 500 franchisees just ensure that a portion of their loot goes to right quarters so that the case does not proceed against them?

Will the Sicular politicians start saying that this is a vindictive action against a community?

As an honest citizen who keep watching the degradation of our society through corruption, I keep my fingers crossed and hope some honest police officials and some honest politicians and some honest media persons are still left in the society who will take this opportunity to take all steps that can be initiated to prevent such frauds in the future.


Print Friendly, PDF & Email

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.