DELAYS IN receiving documents from foreign agencies has delayed prosecution of a case filed in Bengaluru last July by a UIDAI official against an IIT graduate, who piggybacked on an e-hospital app to allegedly carry out unauthorised electronic Know Your Customer (e-KYC) verifications of Aadhaar numbers.
Based on a complaint of alleged hacking, filed by a deputy director of UIDAI on July 27 last year, Bengaluru police had arrested the techie, Abhinav Srivastava, 31, on August 3. However, the police are yet to file a chargesheet in the case.
“The chargesheet is ready but we are waiting for a few documents that have been sought from abroad — from agencies such as Google — to proceed with the prosecution,’’ a cyber crime police official said.
“The crux of the crime is that he managed to hack into the server of the e-hospital system. Using this system, he used to send verification requests to the UIDAI database for his own app,” a police source privy to probe details said. “The UIDAI system allowed access under the impression that the authentication requests were coming from the e-hospital system, and it was not apparent that the query was unauthorised.”
The police are of the view that Srivastava developed an app — ‘eKYC Verification’ — for verification of Aadhaar numbers, and placed it on Google Play Store, out of his interest in developing apps, and not out of any malicious or commercial interests.
Srivastava spent nearly two months in jail after his bail plea was rejected by a sessions court on September 26, 2017. He was later released on bail by the Karnataka High Court.
According to the complaint, Srivastava and the company he had launched, Qarth Technologies, allegedly accessed Aadhaar data without authority. Bengaluru police registered a case under Sections 37 and 38 of The Aadhaar (Targeted Delivery of Financial and Other Subsidies Benefits and Services) Act, 2016 for illegal use of Aadhaar data and unauthorised access of the central identities data repository. The techie was also charged under Sections 65 and 66 of Information Technology Act, 2000, for allegedly tampering with computer source documents and computer-related offences. IPC sections for criminal conspiracy and forgery were also invoked.
The app was found to have accessed Aadhaar data without authorisation by piggybacking on the e-hospital app, which was authorised to access demographic data.
Although nearly 50,000 users downloaded the eKYC verification app, police investigation has found that the app was used in conjunction with one-time passwords sent to mobile phones of the Aadhaar number holders and did not compromise demographic Aadhaar data.