Massive Aadhaar Racket Busted In Kanpur; Fingerprint, Retina Security Breached

Yesterday we had reported that Govt. is forcing all telecom users to link their SIM cards with Aadhaar, otherwise their mobile services would be blocked.

Barely 24 hours of this development, cops in Uttar Pradesh have busted a massive Aadhaar card racket, wherein hackers were creating fake Aadhaar cards with a precision which would impress even Sherlock Holmes.

The bad news is that, hackers have now successfully breached the so-called solid security protocols of fingerprints and retina scanning, and hacked into the entire UIDAI database to execute this daring operation.

How will now Govt. ensure safety and protection of crores of UIDAI data, when such blatant security breach has been reported from a Tier 2 city, in one of the most technologically backward states of India?

Too many questions, but very few answers here.

Aadhaar Racket Busted By UP Police

In the last few weeks, police were getting complaints related to fake Aadhaar cards from places such as Deoria, Kushinagar and even capital of UP: Lucknow.

A special task force, STF was formed in Lucknow to track this menace, and when they cracked it, it was an eye-opener.

On September 9th, the STF arrested Saurabh Singh, who is the mastermind behind this scam, and along with that, 10 of his accomplices were also taken into custody from Kanpur.

11 laptops, along with 12 mobile phones were recovered, along with these ‘ingredients’ using which the whole scam was being operated:

• 38 fingerprints on paper
• 46 fingerprints manufactured by chemicals
• 2 Aadhaar finger-scanners
• 2 finger-scanning devices
• 2 iris retina scanners
• 8 rubber stamps
• 18 Aadhaar cards
• A webcam
• GPS equipment
• Polymer Curing Instrument.

Cyber Crime Police Station in Lucknow has filed a case against them, under these sections: Sections 419, 420, 467, 468, 471, 474 and 34 of the Indian Penal Code, Sections 66 and 66C of the Information Technology Act and Section 7/34 of the Aadhaar Act.

The Modus Operandi of Scamming Aadhaar’s Security

As per the cops, the hackers were able to tamper with the source code of UIDAI application client, after which they were able to clone the tool on their own laptops, thereby accessing the massive database, as and when required.

This is the same software which is used by Aadhaar enrollment centers to signup for Aadhaar.

Then, they would bypass the entire UIDAI security structure, and bypass operator authentication process and create fake Aadhaar cards.

Every such Aadhaar card generated was sold for Rs 5000.

One key detail, which makes sense now, as they have been nabbed: These hackers somehow accessed the fingerprint details of the UIDAI operators, who were authorized to access the UIDAI registration system.

They used to copy these fingerprints on butterpaper, and then, using the access, they would be create fake fingerprint on polymer resin, and then create fake Aadhaar cards using the same.

Cops investigating this case have said that as the hackers were able to bypass fingerprinting access, it is possible that they have been able to bypass retina security as well.

In fact, Police have now decided to audit the entire Aadhaar enrollment process, to understand how deep this security breach is. Besides, it has also been found that norms set by UIDAI have not been followed by registrars, enrolment agencies, supervisors, verifiers and operators; and action would be taken against them.

This is the first such case, wherein technical and security protocols have been hampered, source code of software tampered with, and fake fingerprinting has been used to churn out fake Aadhaar cards.

It may have some far-reaching consequences now.

Do share your opinions by commenting right here.