Ticketing scam: Indian Railway Minister Orders strengthening of cyber security

Indian Railway Minister Piyush Goyal has directed the IRCTC (which handles ticketing system of the railways) and the Centre for Railway Information Systems to strengthen cyber security in the wake of an alleged ticketing scam unearthed by the CBI.

“Information was received about running of illegal operations to book tatkal tickets of Indian Railways in illegal manner. After swift enquiry, it was found that Ajay Garg, ex-IRCTC employee and presently working with the CBI, was the kingpin of this entire network which involved numerous other persons,” the railway ministry said in a statement.

“Minister of Railways Piyush Goyal has now further ordered to continue this drive and identify similar cases which are causing inconvenience to genuine passengers,” the statement said.

The money from the travel agents was collected in bitcoins and through hawala channels to avoid suspicion and 10 agents — seven from Jaunpur and three from Mumbai — have been identified so far.

The ticket bookings under Tatkal category open at 10 am for AC class and 11 am for non-AC coaches for the trains departing the next day. A fixed number of seats in each coach are available to travellers who need tickets urgently; however, the price is more than the regular cost of the ticket.

Passengers often complain that by the time they enter their details on the Indian Railway Catering and Tourism Corporation (IRCTC) website or complete the booking process, seats under Tatkal quota disappear. Their bookings are either rejected or they get a wait-listed ticket for a steep price. However, travel agents get you confirmed tickets at a premium price.

The CBI FIR alleged that it usually takes 120 seconds in normal course for generation of a single PNR but this illegal software enables the user to book multiple Tatkal tickets online in much less time. The illegal software provides proxy IP addresses, by passing IRCTC captcha, bank OTP, form auto fill, login with multiple IDs with several pairs with the help of US-based server, allowing the users to fraudulently gain unauthorised access to computer network in contravention of rules and regulations.

A software engineer, Garg had joined the CBI in 2012 as an assistant programmer. He had worked with the IRCTC between 2007 and 2011. The CBI probe has revealed that Garg reportedly became aware of the vulnerabilities of the IRCTC ticketing software while working there.

CBI has arrested Garg, Gupta and has also booked 13 others, including his family members and travel agents.



Jahnavi M
Vulnerability analyst, Technical Writer, Security Blogger, Co-founder---SecKurity

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: