Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested man is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

The investigation revealed that the e-hospital company is not aware of his activities. However, a further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigations have revealed that Srivastav had piggy-backed on the infrastructure of another app to hack the database.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the NIC server that houses the e-hospital system, a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of an Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The ‘e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

coastaldigest.com news network
June 23, 2020

Bengaluru, June 23: A senior IAS officer, who had faced arrest in connection with the I Monetary Advice (IMA) scam, today allegedly committed suicide by hanging himself at his residence in the city.

The deceased is BM Vijay Shankar. He had been arrested by the special investigation team (SIT) in the I Monetary Advice (IMA) case when he was deputy commissioner (DC) Urban Bengaluru.

He had spent a few days in jail over his alleged involvement in the IMA scam and was released on bail. The IMA case is currently being probed by the Central Bureau of Investigation.

Shankar was staying in Jayanagar near Ashoka Pillar along with his family members.

Shankar was accused of taking Rs 1.5 crore to approve a report on financial irregularities, and was accused of giving a clean chit to the main accused of IMA scam, Mohammed Mansoor Khan.

The incident came to light around 8 pm. It is alleged that Shankar ended his life around 7.00 pm, when he was alone in the house. Shankar was said to be under severe depression after his name surfaced in the scam, and his subsequent arrest.

However, the exact reason for his extreme step is yet to be identified. Tilak Nagar police have taken up the case of mysterious death under the CrPC and are probing further. As of now the police officials have not found any death note. A senior officer said: "Once we finish the procedures of investigating the spot his body will be shifted to Victoria hospital for post mortem. The report will find out exact cause of his death".

Police commissioner Bhaskar Rao said: "We have taken up the case of unnatural death with regard to Vijay Shankar's death. Further probe will reveal more details about it".
 

News Network
January 15, 2020

Srinagar, Jan 15: The Jammu and Kashmir administration on Tuesday evening allowed mobile Internet in parts of Jammu region and broadband in establishments providing essential services, days after the Supreme Court ordered a review of the curbs imposed in the Union Territory.

The order comes into effect from January 15 and shall remain in force for seven days, a government communication said.

In a three-page order, the administration asked Internet service providers to offer broadband facility (with MAC binding) to all institutions dealing with essential services such as hospitals, banks and government offices.

In order to facilitate tourism, the broadband Internet services would be provided to hotels and tour and travel establishments, the order said.

MAC binding essentially means tying a client machine's hardware (MAC) address to a particular Internet Protocol address, so that the machine is forced to work from that address.

"Prior to giving such facility, the service providers have been asked to install necessary firewalls and carry out white-listing of sites that would enable government websites and website dealing with essential services like e-banking," the order said.

However, all social media sites remain out of bounds. "There shall be complete restrictions on social media applications allowing peer-to-peer communication and virtual private network applications for the time being," the order said.

The institutions and government offices that are being provided Internet access shall be responsible to prevent misuse, according to the order.

It said the 2G mobile connectivity on post-paid mobiles for accessing white-listed websites including e-banking will be allowed in districts of Jammu, Samba, Kathua, Udhampur and Reasi -- all in the Jammu region.

The order said that the police has brought material relating to the terror modules operating in Jammu and Kashmir including handlers from across the border who are attempting to aid and incite people by transmission of fake news and targeted messages through use of Internet.

The relaxation came days after the Supreme Court said access to the Internet is a fundamental right under Article 19 of the Constitution.

The SC verdict had come on Friday on a batch of pleas challenging the curbs imposed in Jammu and Kashmir after the Centre's abrogation of provisions of Article 370 on August 5 last year.

The court had also asked the Jammu and Kashmir administration to review within a week all orders imposing curbs in the Union Territory.

It had asked the J-K administration to restore Internet services in institutions such as hospitals and educational places providing essential services.

The J-K administration's Tuesday communication said that in view of the Supreme Court directions, the situation has been reviewed and Internet has been opened wherever it was possible, keeping in view the security consideration.

In Kashmir, 400 additional Internet kiosks will be established, besides the 900 terminals which are already operational in the Valley.

News Network
April 5, 2020

Bengaluru, Apr 5: Opening of Karnataka's borders to Kerala at this point in time will be like "embracing death," chief minister B S Yediyurappa said on Saturday, making clear his government's stand on not opening the state border.

The chief minister repeatedly said that for his government the interest of the people of the state was supreme.

Yediyurappa made his stand clear in a letter to former prime minister and JD(S) patriarch H D Deve Gowda.

Gowda had recently written to the chief minister on March 31 seeking relaxation of the border restrictions on "humanitarian" grounds.

He had also written to Kerala chief minister Pinarayi Vijayan expressing his anguish against Karnataka authorities for imposing restriction and promising to raise the matter with prime minister Narendra Modi.

Stating that the decision to close the border was not sudden, Yediyurappa said it was a conscious decision taken after analysing the health situation in the area following the spread of COVID-19.

The chief minister cited data from the Indian Medical Association's Mangaluru branch regarding the spread of Covid-19 in Kasargod of Kerala and surrounding areas, which was alarming.

Noting that the region has nearly 106 positive coronavirus cases, he said, "this is the region with most number of infections in the country."

If this restriction is removed, it puts the health of the people of Karnataka at risk and creates a situation of "embracing death", so we will not be able to open the border, Yediyurappa said.

He also clarified that there was no prejudice behind his government's decision, and the interest of the people of the state was of utmost importance.

"...There is also no political maliciousness. We want to have good and brotherly relationship with neighbouring states," he said, adding that opening the border will open a Pandora's box that will be disastrous for the state.

Yediyurappa also thanked opposition parties for their support to his government in its fight against COVID-19.
