Tatkal tickets of Indian Railways (Indian Railways) are usually purchased by bots or agents, causing travelers to get into trouble. Tatkal tickets are booked a day before the start of the journey and is released 24 hours before. India Today’s Osint team has identified a network of more than 40 groups active on Telegram and WhatsApp, which is a small part of the big online black market of e-ticketing. Thousands of agents remain active here and despite the government regulation, their business is running indiscriminately.
The Ministry of Railways has implemented a new rule related to Tatkal ticket on 1 July, according to which the Tatkal ticket of the railway can be booked only through the IRCTC website and its application. The important thing is that for this, the user has been required to link Aadhaar card with his account.
Soon after the announcement of the ministry, rackets related to e-tickets have started rigging on social media. They are selling Aadhaar Verifite IDS and OTPS.
https://www.youtube.com/watch?v=lv45ezl4som
Racket busted
The e-ticketing racket includes not only agents, but also technology knowledge and fake service, who claim to take advantage of the alleged flaws in the IRCTC system and these people work through Telegram and WhatsApp account. Admins use international phone numbers to hide their identity.
According to the post seen by India Today, the Aadhaar-verified IRCTC user ID is being openly sold for just Rs 360. These accounts are allegedly used to generate OTP to book Tatkal tickets but this process is not manual. Agents claim to speed up booking and use bot or automatic browser extensions to overload the system for real users.
modus operandi…
India Today saw a close activity for more than three months inside the Telegram Group, ‘Fast Tatkal Software’ of the racket, so that their ticketing operation could be understood.
The racket operators or technical masterminds behind the illegal network claim to sell bots to agents. Agents are asked to use an autofil feature to install these bots in their browser and complete the booking quickly, leading to an edge over real users, which struggle with slow load -loaded pages and filled transactions.
Allegedly, these bots autofil the login credentials of IRCTC, train information, passenger information and payment data. The entire process is automatic and there is a ‘guarantee’ to get confirmed tickets in less than a minute.
The conversation in the channel shows that technical experts are guiding agents to avoid IRCTC’s AI algorithm, which competes with bot activity by blocking the suspected IP. The fraudsters dodge these blocks using virtual private servers (VPS) to hide their IP address.
Bot on sale …
India Today also found that the racket’s admin bot sells websites like Dragon, JETX, Ocean, Black Turbo and Formula One, which are sold for ‘Tatkal Booking’ and cost between Rs 999 to Rs 5,000. After purchases, users are instructed through telegram channels how to use them.
These bots are not only used to book tickets, but they steal information from users.
The malware scanner site virustotal was downloaded as APK, a bot file called Winzip was analyzed. This showed that it was Trojan, a malware designed to steal the user information. On June 04, the Ministry of Railways said in a press release that during the first five minutes of immediate booking, ‘Bot traffic is up to 50 percent of the total login efforts’.
The ministry said that more than 2.5 crore fake user IDs have been suspended by the deployment of anti-boat systems by IRCTC. Along with this, now the agent booking has been banned during the first 30 minutes of opening Tatkal tickets for both AC and Non-AC category.
—- End —-
(Report aide- Khushi Sonkar)