Class 12th Passout Hacked Travel Portals & Booked 1500 Air-Tickets Without Paying Anything!

Education is sometimes not a necessity when it comes to fraud and online hacks. All you need is an evil mind, and a desire to make fool of the people.

Something similar happened in MP, where a 27-year-old class 12th pass out hacked 4 travel portals and booked 1500+ air tickets without paying a single penny.

And the hack is so simple, that you will wonder how did he think of this, and no one even noticed!

12th Passout Hacks Travel Portals & Book 1500 Air Tickets

Rajpratap Parmar is a 27-year-old youth from Madhya Pradesh, who found a way to hack online travel portals, very easily. He collaborated with his two relatives, and along with them, he hacked the websites, and booked 1500+ air tickets, in a span of 2 years.

All three were arrested by the police.

Once the tickets were booked, he used to sell them in the open market to travel agents, at 80% discount rate.

In fact, he was quite ‘popular’ among the travel agents who dealt with this underground trading of air tickets, and they approached him from far and wide, seeking his 80% discounted air tickets.

Modus Operandi: How To Book Air-Tickets For Free?

The modus operandi was pretty simple, and we wonder how come no online travel portal detected this.

First, Parmar would start booking the ticket by fake name and email id/phone number, and start booking any random sector air-tickets, for random dates.

He will continue booking the ticket, until the point where he has to make the payment, and select between submit and cancel payments.

Then, he will click on cancel, and then press the escape button several times to freeze the page. Once the page is frozen, he will edit the URL which is visible, write ‘Success’ at the specific location, and copy paste the URL to open it at any other tab.

Now, when that page is opened, the portal will assume that the payment has been done, (as success would be visible to the servers), and the ticket is booked.

No database hacking, and no server job here: simple manipulation of the URL to complete the payment.

How Was Parmar Caught?

In one such dealing, he booked an air-ticket for Goa, which was bought by a law-abiding citizen. When he saw that the name and email-id and even phone number mentioned in the ticket is wrong, and incorrect, he became suspicious.

He contacted the unit 7 of the Mumbai Crime Branch, and made a formal complaint. Based on this complaint, Unit In charge Satish Taware and Inspector N Sridhankar investigated the case, and nabbed the culprits.

This hacking case once again emphasizes the fact that online businesses should strengthen their security, and stop such incidents from happening.

We will keep you updated, as more details come in.

Comments are closed, but trackbacks and pingbacks are open.

who's online