New Delhi: In an interesting twist to the multi-crore rail e-ticketing racket, its mastermind has reached out to the chief of the Railway Police Force (RPF) claiming “huge gaps” in the transport behemoth’s IT security system.
The main accused, Hamid Ashraf, who is in Dubai, has claimed that nabbing him or some people won’t put an end to such rackets as others can develop similar ‘illegal’ software and use them by taking advantage of the security loopholes in IRCTC’s system.
The RPF is working on a strategy to catch Ashraf, after the recent arrest of Gulam Mustafa, another key player in this racket. Ashraf had fled the country after jumping bail in 2016. He was arrested in a similar rail e-ticketing fraud when he was in Class XII.
In a series of WhatsApp broadcasts, Ashraf claimed he had repeatedly flagged loopholes in the IT security system developed by government-owned Centre for Railway Information Systems (CRIS), which the IRCTC uses for ticketing. “The agencies did not take measures to plug the loopholes and so how can you hold me responsible? People did not pay heed to the details I had shared with them; all of them thought I was mad,” he said in text messages addressed to RPF director general Arun Kumar.
From the messages, it appeared that Ashraf reached out to the RPF DG after Kumar’s presser where he said the money was suspected to have been used for terror financing. “If you give interviews to TV channels like this, no one will marry me,” he said in another text message.
Claiming that government agencies were unable to fix “such a security issue” even after he shared details through “more than 500 emails and WhatApp messages”, he said this had raised serious questions about their ability to deal with critical cyber security issues.
An official, however, said, “We are concerned about any lapses that can be exploited by criminals and anti-national elements. We have been flagging this issue and have urged the departments concerned to take measures.”
In his messages, Ashraf, who is believed to have been trained by an IT expert, has offered help to the Railways, IRCTC and CRIS to secure the system. “Give me a chance. Arresting me won’t help as there will be 10 more to come out with such software… I am not guilty or wrong so I am posting these details,” he said. The accused even went to the extent of saying that the Railways can hire him at a Rs 2 lakh monthly salary as an ‘ethical’ hacker, the way IT giants do.
Claiming that he has deactivated and withdrawn the illegal software he had sold to many, he said: “I want this tension to end so that I can enjoy my life with my girlfriend… Sir, please bachha ko maaf kardijiye. Life mein dubara railways ke software nehin banaoonga. (Please excuse me for this. I will never develop any such software for Railways).”
Ashraf listed out several steps the Railways, IRCTC and CRIS could take to ensure that no one games the IT system.
Source: Economic Times
