The CBI sources said during initial investigation it has emerged that Ajay Garg, Assistant Programmer at the agency, and his front, Anil Gupta, had hosted their illegal software on a USA-based server while emails were created on a Russian server to avoid detection.
They said the software created by them had to be hosted on a server and the end users could access it through a user name and password provided by Mr Garg and Mr Gupta.
The duo used to charge Rs 1,000-1,200 from travel agents using their software.
The software which they christened 'Neo' was hosted on a USA-based server, they said.
The sources said it was done to speed up the traffic on their servers and also avoid any detection and probe by investigating agencies here.
The sources said the agency has approached the Interpol seeking details of these back-end servers from the USA and Russia.
Thirty-five-year-old software engineer by profession, Mr Garg had joined the CBI in 2012 through a selection process and had been working as an assistant programmer. He had also worked with the IRCTC, which handles the ticketing system of the railways, between 2007 and 2011.
During the questioning, it emerged that their network was spread across the country, they said.
The agency has so far identified 10 travel agents who were part of the network but their questioning led the agency to more agents who subscribed to their illegal services, they said.
"...it usually takes 120 seconds in normal course for generation of a single PNR but this illegal software enables the user to book multiple Tatkal tickets online in much less time," the CBI FIR alleged.
It said the software enables the user to save all required details to book Tatkal tickets beforehand in the software which are automatically filled-in the IRCTC portal as soon as Tatkal booking starts and PNR is generated very fast.
The software provides proxy IP addresses, by passing IRCTC captcha, by passing bank OTP, form autofill, login with multiple IDs with several pairs with the help of US-based server, allowing the users to fraudulently gain unauthorised access to computer network in contravention of rules and regulations.