Aadhaar theft case: IIT-Kharagpur student reveals how he hacked data
Prime accused in the Aadhaar data theft case, Abhinav Srivastava in a six-hour demonstration revealed to the cops as to how the absence of HTTPS from the URL helped him hack into the hospital's website. Srivastava said that he had no criminal intentions; rather he had developed the app to help people access Aadhaar information. His laptops, hard-disks have been sent to forensic labs.
A 31-year-old IIT-Kharagpur graduate has been arrested for hacking into the central Aadhaar database. The UIDAI had filed a complaint of unauthorized access on July 26 which led to the arrest of Abhinav Srivastava from Uttar Pradesh. Srivastava had allegedly accessed the database illegally between January 1-July 26 for an app called 'eKYC Verification' which is available on Google Play Store under developer 'myGov'.
The app, whose 'developer' has been linked to the start-up Qarth Technologies, retrieves data from the central Aadhaar data repository to authenticate UID. Srivastava illegally accessed the Aadhaar-enabled e-hospital system under the government's Digital India initiative to keep the app running. Since he made the app in January, Srivastava has earned about Rs. 40,000 from ads, police said.
According to cops, "He managed to hack into the server of the e-hospital system and through this system, sent verification requests to UIDAI for his own app. The UIDAI system allowed access under the impression that the authentication requests were coming from the e-hospital system." The government's e-hospital system was created to facilitate online appointments in government hospitals.
Srivastava, co-founder of Qarth Technologies, was employed with Ola at the time of his arrest (Ola had acquired the start-up in 2016 to take over e-wallet X-pay developed by it). The eKYC Verification app has been downloaded about 50,000 times from Google Play Store. A police source said, "We are investigating if the app was used in any form by Ola."