Spotting
 Timeline
 Travel Tip
 Trip
 Race
 Social
 Greeting
 Poll
 Img
 PNR
 Pic
 Blog
 News
 Conf TL
 RF Club
 Convention
 Monitor
 Admin
 Followed
 Rating
 Correct
 Wrong
 Stamp
 HJ
 Vote
 Pred
 @
 FM Alert
 FM Approval
 Pvt
News Super Search
 ↓ 
×
Member:
Posting Date From:
Posting Date To:
Category:
Zone:
Language:
IR Press Release:

Search
  Go  

Tamil Nadu Express - தங்களை அன்புடன் வரவேற்கிறது - Swaroop Kutti

Full Site Search
  Full Site Search  
 
Mon Feb 24 08:02:02 IST
Home
Trains
ΣChains
Atlas
PNR
Forum
Stream
Gallery
News
FAQ
Trips/Spottings
Login
Feedback
Advanced Search
<<prev entry    next entry>>
News Entry# 399781
  
Jan 24 (19:28) Pay me Rs 2L/month, I’ll fix railway systems, scamster tells RPF (timesofindia.indiatimes.com)
IR Affairs
0 Followers
886 views

News Entry# 399781  Blog Entry# 4548256   
  Past Edits
This is a new feature showing past edits to this News Post.
NEW DELHI: In an interesting twist to the multi-crore rail e-ticketing racket, its mastermind has reached out to the Railway Police Force (RPF) chief claiming “huge gaps” in the transport behemoth’s IT security system. The main accused, Hamid Ashraf, who is in Dubai, has claimed that nabbing him or some people won’t put an end to such rackets as others can develop similar ‘illegal’ software and use them by taking advantage of the security loopholes in the IRCTC’s system.RPF is working on a strategy to catch Ashraf, after the recent arrest of another key player in this racket Ghulam Mustafa. Ashraf had fled the country after jumping bail in 2016. He was arrested in a similar rail e-ticketing fraud when he was in Class XII. In a series of WhatsApp broadcasts, Ashraf claimed that he had repeatedly flagged loopholes in the...
more...
IT security system developed by government-owned Centre for Railway Information Systems (CRIS), which IRCTC uses for ticketing. “The agencies did not take measures to plug the loopholes and so how can you hold me responsible? People did not pay heed to the details I had shared with them; all of them thought I was mad,” he said in the text messages addressed to RPF director general Arun Kumar.From the messages, it appeared that Ashraf reached out to RPF DG after his press conference where he said that the money was suspected to be used for terror financing. “If you give interviews to TV channels like this, no one will marry me,” he said. Pointing out that the government agencies were unable to fix “such a security issue” even after he shared details through “more than 500 emails and WhatApp messages”, he said this had raised serious questions about their ability to deal with critical cyber security issues. “We are concerned about any lapses that can be exploited by criminals and anti-national elements. We have been flagging this issue and have urged the departments concerned to take measures,” an official said.In his messages, Ashraf, who is believed to have been trained by an IT expert, has offered help to the railways, IRCTC and CRIS to secure the system. “Give me a chance, I will secure the IRCTC system and CRIS. Arresting me won’t help as there will be 10 more to come out with such software... I am not guilty or wrong so I am posting these details,” he said. The accused even went to the extent of saying that the railways can hire him at Rs 2 lakh monthly salary as an ‘ethical’ hacker as IT giants do. Claiming that he has deactivated and withdrawn the illegal software that he had sold to many, he said, “I want this tension to end so that I can enjoy my life with my girlfriend…Sir, please bachha ko maaf kardijiye. Life mein dubara railways ke software nehin banaoonga. (Please excuse me for this. I will never develop any such software for railways).” The accused listed out several steps that the railways, IRCTC and CRIS could take to ensure that none can bypass IT security system.“You allow two tickets in a day per IP address. Similarly why don’t you fix only one IRCTC ID that can be logged on to the system per IP address. People log into the system with 50 IRCTC IDs generated from one IP address and until you address this, common people will keep suffering,” Ashraf said.On in the issue of bypassing of Captcha and OTP, he claimed that he had sent the details about the bug used for this to banks and IRCTC.
Scroll to Top
Scroll to Bottom
Go to Mobile site
Important Note: This website NEVER solicits for Money or Donations. Please beware of anyone requesting/demanding money on behalf of IRI. Thanks.
Disclaimer: This website has NO affiliation with the Government-run site of Indian Railways. This site does NOT claim 100% accuracy of fast-changing Rail Information. YOU are responsible for independently confirming the validity of information through other sources.
India Rail Info Privacy Policy