The Big Tatkal Ticket Scam you don’t know about

New Delhi: So you are standing at the railway ticket counter to book your tickets for your summer holiday? Or waiting for the clock to strike 10am for the IRCTC website to open its portals for you to book tickets in the ‘tatkal’ section?

But there are luckier mortals, those who go by the name of agents, who book tatkal tickets in less than a minute by bypassing security features of the website using high-tech software. All of this happens while you slog it out to even open the website. Feels awful, right?

A DB Post investigation shows over 20 paid software are available in the market, which are used by agents to book railway tickets within a fraction of second, that takes laymen like us several minutes and many attempts even with high-speed Internet connection. Surprised? Wait, there’s more—this is a multi-crore business in India as passengers seem to be ready to pay a premium of ₹500-₹1,500 on each seat to get a confirmed berth.

Malicious software to bypass security measures

The Indian railways administration is not unaware of the fact that malicious software is being used to bypass so-called high-tech security measures of IRCTC sites. But no concrete steps have been taken to counter this menace. A crackdown has so far led to the arrest of booking agents but a software developer seems to be way beyond their reach.

Such paid software is available on the Internet wherein agents only need to fill in passengers’ and train details along with the mode of payment, while the rest of the booking takes place automatically. The advanced software even bypasses security features like OTP from netbanking and CAPTCHA fields that are added to a website to check if a user is human or an automated programme.

Steep price for wait-listed ticket

The ticket bookings under a tatkal category comes at a premium and the window to book one opens up at 10am for the AC class and 11am for non-AC coaches for trains departing the next day. Fixed numbers of seats in each coach are available to travellers who need tickets urgently. Passengers often complain that by the time they enter their details on the website or complete the booking process, seats under tatkal quota disappear. Their bookings are either rejected or they get a wait-listed ticket for a steep price. However, travel agents get you confirmed tickets at a premium price.

Software developers communicate on WhatsApp

DB Post, in its investigation, found over 20 such software services – some  of the famous ones include, Redmirchy, Hit PNR, BlackTS, Hp, counter, spark, classic, cloud, cycle, Global, and Crown. Posing as a customer, this reporter contacted www.tatkalsoftware.co.in, which offers such software on a monthly rental basis.

Interestingly, all software developers only communicate on WhatsApp so that it is difficult to track them. “₹2,500 for two days for getting access to 2-PNR software,” quoted the seller.” He also had a higher range of software for which he quoted ₹10,000. The operator claims that he has sold over 8,000 copies of the software.

Demos available on YouTube

Another seller of RedMirchy software at www.newtatkalsoftware.com claimed that thousands of agents are using his software to book tickets and that their technical team keeps a track on tickets booked by each software subscriber. He asked for money to be deposited to a bank account to get access to the software. He revealed that a series of demos are available on YouTube, which can guide a customer.

All the modes of payment were online and their technical team would download the software and assist people using the Team Viewer software, which helps another user to gain remote access to the computer.

https://youtu.be/gggQWJweKos

Multiple tickets by bluffing IP address and mobile number

In-depth analysis of the software shows that it provides proxy IP addresses, bypasses IRCTC captcha, bank OTP, forms autofill, logs in with multiple IDs with several pairs with the help of server-based outside India, allowing the users to fraudulently gain unauthorised access to a computer network in contravention of rules and regulations.

Verifying the details of the scamsters, UP STF’s Triveni Singh, a cybercrime investigator and additional superintendent of police said, “There are over two dozen such software which are being used to book tickets illegally and are under our scanner. There is a limit set by IRCTC on the number of bookings by tracking IP addresses of computers and registered mobile numbers. But the gangs are generating multiple tickets by spoofing IP address and mobile number. This is a pan-India network and thousands of tickets are being booked through this.”

Agents connected through WhatsApp

Probing the leads, Uttar Pradesh – Special Task Force (STF) arrested two persons from Lucknow. Among them are Suresh Kumar Maurya and Rakesh Kumar Gupta. On accessing their laptop, STF sleuths came across some incriminating online tools.

“These gangs have their major setup in metro cities and are connected with agents through WhatsApp. They have made several groups based on cities and software they use. As soon as the police team conducted a raid, they sent a message in all their groups to avoid using the software as they had come under police scanner,” said Triveni Singh, a cybercrime investigator and additional superintendent of police with STF.

Indian Railways isn’t losing any revenue due to such software as the booking amount goes to its account. But such activities promote an unfair practice as regular customers are cheated of their privileges by agents who have access to malicious programmes.

Multiple security features to check fraudulent bookings

Railway minister Piyush Goyal has also directed the Indian Railway Catering and Tourism Corporation (IRCTC) and the Centre for Railway Information Systems (CRIS) to strengthen their cyber security. According to a senior railway official, the matter has come to their notice and they are trying to track such operators with the help of law enforcement agencies.

Multiple security features to check fraudulent bookings

Railway minister Piyush Goyal has also directed the Indian Railway Catering and Tourism Corporation (IRCTC) and the Centre for Railway Information Systems (CRIS) to strengthen their cyber security. According to a senior railway official, the matter has come to their notice and they are trying to track such operators with the help of law enforcement agencies. A senior railway official said that multiple security features have been added to their website to keep a check on such bookings, which includes limited tickets to a particular IP address and registered mobile numbers. But such software also enables agents to bypass such rules.

The Railways’ vigilance department has contacted various security agencies and state police to investigate the case and curb such malpractices. A senior railway official said that multiple security features have been added to their website to keep a check on such bookings, which includes limited tickets to a particular IP address and registered mobile numbers. But such software also enables agents to bypass such rules. The Railways’ vigilance department has contacted various security agencies and state police to investigate the case and curb such malpractices

Social media reach of corrupt agents

Last year, the Central Bureau of Investigation (CBI) arrested its assistant programmer Ajay Garg and his associate Anil Gupta for developing and selling illegal software to travel agents.
These agents are tech-savvy as they were promoting their software on social media platforms such as Google Hangouts, Whatsapp, YouTube, Facebook to reach agents in smaller cities.

Recommended For You


Shashank Shekhar

About Shashank Shekhar

view all posts

Shashank Shekhar works as a Deputy Editor for DB Post. He specialises in investigative, terrorism, internal security and policy-making related stories. He has an active interest in tracking cybercrime, financial fraud, technology, automobile and latest trends. He can be reached at: shashank.shekhar3@bdcorp.in Follow him on Twitter @shashankrnq