Railway Minister Piyush Goyal today directed the IRCTC and the Centre for Railway Information Systems (CRIS) to strengthen cybersecurity in the wake of the alleged scam.
The CBI earlier this week arrested its assistant programmer Ajay Garg and his associate Anil Gupta for developing and selling the illegal software to travel agents, agency spokesperson Abhishek Dayal said. The agency has charged 13 others, including members of Garg's family and travel agents, in the alleged scam.
The money from the travel agents was collected in bitcoins and through hawala channels to avoid suspicion, and 10 agents -- seven from Jaunpur and three from Mumbai -- have been identified so far, he added.
The ticket bookings under Tatkal category open at 10 am for AC class and 11 am for non-AC coaches for the trains departing the next day. A fixed number of seats in each coach are available to travellers who need tickets urgently; however, the price is more than the regular cost of the ticket.
Passengers often complain that by the time they enter their details on the Indian Railway Catering and Tourism Corporation (IRCTC) website or complete the booking process, seats under Tatkal quota disappear. Their bookings are either rejected or they get a wait-listed ticket for a steep price. However, travel agents get you confirmed tickets at a premium price.
"...it usually takes 120 seconds in normal course for generation of a single PNR but this illegal software enables the user to book multiple Tatkal tickets online in much less time," the CBI FIR alleged.
The software provides proxy IP addresses, by passing IRCTC captcha, bank OTP, form autofill, login with multiple IDs with several pairs with the help of US-based server, allowing the users to fraudulently gain unauthorised access to computer network in contravention of rules and regulations, it said.
A software engineer, 35-year-old Garg had joined the CBI in 2012 as an assistant programmer. He had worked with the IRCTC between 2007 and 2011. The CBI probe has revealed that Garg reportedly became aware of the vulnerabilities of the IRCTC ticketing software while working there.
"These vulnerabilities still exist in the IRCTC system that is why his software was able to dodge it for booking tickets of hundreds of passengers at one go," an official said.
Through the software, Garg was allegedly able to keep a record of tickets booked by the agents and charged them on every ticket, in addition to the cost of the software. The software once installed on the agents' computers needed a user name and password which Garg allegedly changed from time to time to ensure recurring payments, CBO officers said. He used a complex chain of Indian and foreign servers, online masking and cryptocurrency to facilitate his operations, the officials said.
Garg had amassed huge wealth from these activities, Mr Dayal said. The CBI has carried out searches at 14 locations in Delhi, Mumbai and Jaunpur and recovered Rs 89.42 lakh in cash, gold jewellery worth Rs 61.29 lakh, 15 laptops, 15 hard disks, 52 mobile phones, 24 SIM cards, 10 notebooks, six routers, four dongles and 19 pen drives, Mr Dayal said
Both Garg and Gupta have been sent to five-day CBI custody.
(With inputs from agencies)
Get the latest election news, live updates and election schedule for Lok Sabha Elections 2019 on ndtv.com/elections. Like us on Facebook or follow us on Twitter and Instagram for updates from each of the 543 parliamentary seats for the 2019 Indian general elections.