The CBI said the software enables the user to save all required details to book Tatkal tickets beforehand, which are automatically filled-in the IRCTC portal as soon as Tatkal booking starts and PNR is generated very fast.
The software provides proxy IP addresses, bypassing IRCTC captcha, bypassing bank OTP, form autofill, login with multiple IDs with several pairs with the help of US-based server, allowing the users to fraudulently gain unauthorised access to computer network.
How do some travel agents manage to book confirmed railway tickets under Tatkal category, while thousands of passengers make unsuccessful bids on their computers or at reservation counters? Well, it seems it is all programmed.
A software programmer of the anti-corruption agency Central Bureau of Investigation is alleged to be the brain behind one such illicit software which subverted the railways reservation system, allowing the agents to book hundreds of Tatkal tickets at a single click of mouse, officials said in New Delhi on Wednesday.
The CBI has arrested its assistant programmer Ajay Garg and his front, Anil Gupta, for developing and distributing the software to agents for a price, agency spokesperson Abhishek Dayal said.
Besides Garg and Gupta, the agency has booked 13 others, including Garg's family members and travel agents.
Garg's parents, wife, sister and brother-in-law were allegedly instrumental in making collections from travel agents using his software, it said.
The money from the travel agents who booked tickets using his system was collected in bitcoins and through hawala channels to avoid scrutiny, he said, adding that 10 agents -- seven from Jaunpur and three from Mumbai -- have been identified in this connection so far.
"The case is in line with our policy of having a robust internal mechanism of ensuring probity and having a zero tolerance towards corruption," CBI Director Alok Verma said.
The ticket bookings under Tatkal quota open at 10 am for AC class and 11 am for non-AC coaches for the trains departing next day.
Under the quota, a fixed number of seats, in each coach, are sold at a premium by the railways to travellers who need tickets urgently.
A common complaint of passengers is that by the time they enter details on the IRCTC website or complete booking process, seats under Tatkal quota gets full within minutes of start of the booking. Their bookings are either rejected or they get a wait-listed ticket that too at a very steep prices.
Some travel agents offer to provide confirmed tickets under the quota by charging premium, over and above railways prices.
The arrest of Garg and Gupta has exposed the alleged software trickery used by them to exploit the vulnerabilities of IRCTC ticket booking system, they said.
Garg, a 35-year-old software engineer, had joined the CBI in 2012 through a selection process and has been working as an assistant programmer.
Earlier, he had served with the IRCTC, which handles ticketing system of the railways, between 2007 and 2011.
The CBI probe so far has indicated that Garg learnt the vulnerabilities of the IRCTC ticketing software during his tenure there which he exploited in his software, they said.
"These vulnerabilities still exist in the IRCTC system that is why his software was able to dodge it for booking tickets of hundreds of passengers at one go," an official said.
These tickets were genuine and the payments of the tickets went to the railways, they said.
Garg, who is alleged to be the mastermind, acted in the background, while his front, Gupta, distributed the software to travel agents and collected money on his behalf.
"Use of such software is illegal as per rules and regulations of IRCTC and also under the Railways Act. It was also alleged that the accused was collecting money for the use of such software by certain booking agents and had amassed huge wealth from these activities," Dayal said.
The CBI has carried out searches at 14 locations in Delhi, Mumbai and Jaunpur during which it recovered Rs 89.42 lakh in cash, gold jewellery valued at Rs 61.29 lakh, 15 laptops, 15 hard disks, 52 mobile phones, 24 SIM cards, 10 notebooks, six routers, four dongles and 19 pen drives, Dayal said.
Through the software, Garg was allegedly able to keep statement of tickets booked by the agents and charged them on every ticket, in addition to the cost of the software.
The software once installed on the agents' computers needed a user name and password which Garg allegedly changed from time to time to ensure recurring payments, they said.
Garg used a complex chain of Indian and foreign servers, online masking and cryptocurrency to facilitate his operations, the officials said, adding that his luck ran out after the agency received source information about his operations.
He was kept under surveillance before being arrested after a late night operation by the agency. While Garg was arrested in New Delhi, Gupta was nabbed from Jaunpur.
'...it usually takes 120 seconds in normal course for generation of a single PNR but this illegal software enables the user to book multiple Tatkal tickets online in much less time,' the CBI first information report alleged.
It said the software enables the user to save all required details to book Tatkal tickets before hand in the software which are automatically filled-in the IRCTC portal as soon as Tatkal booking starts and PNR is generated very fast.
The software provides proxy IP addresses, bypassing IRCTC captcha, bypassing bank OTP, form autofill, login with multiple IDs with several pairs with the help of United States-based server, allowing the users to fraudulently gain unauthorised access to computer network in contravention of rules and regulations.
'As number of seats available are limited, the use of this illicit software denies the genuine and authorised passenger a fair access to the IRCTC server to get confirmed Tatkal tickets,' it alleged.
Garg and Gupta have been sent to five-day CBI custody by a court.
Goyal orders strengthening of cyber security measures
As the scam was unearthed by the CBI, Railway Minister Piyush Goyal on Wednesday directed IRCTC and the Centre for Railway Information Systems (CRIS) to strengthen cyber security measures .
'Information was received about running of illegal operations to book tatkal tickets of Indian Railways in illegal manner. In this regard, after swift enquiry it was found that Ajay Garg, ex-IRCTC employee and presently working with CBI, was the kingpin of this entire network which involved numerous other persons,' the railway ministry said in a statement.
The statement also said that the railways already has an ongoing drive against such ticket-less travellers and illegal ticket booking, which creates artificial shortages of tickets.
'Minister of Railways Piyush Goyal has now further ordered to continue this drive and identify similar cases which are causing inconvenience to genuine passengers,' the statement said.