Railways downplays corruption in tatkal bookings
The Narendra Modi government seems to have opted to downplay charges of impropriety in railway Tatkal bookings despite its own investigators pursuing corruption charges seriously.
The Ministry of Railways admitted to the Legislature that “misuse of automation software” on the railways' official ticketing website “has been reported from time to time”.
It also referred to the arrest of an officer of the Central Bureau of Investigation (CBI) for allegedly “procuring and supplying” tickets using “illegal software”, in a response to Parliament.
At the same time, the ministry also tried to sweep under the carpet its failure in dealing with such hackers.
Such software didn't bypass system checks, but only “facilitated quick data entry”, the Railways claimed in a reply to a question in Lok Sabha. It cited technical teams of Indian Railway Catering and Tourism Corporation (IRCTC) and Centre for Railway Information (CRIS).
Facilitation of quick data entry would put a large section of commuters without access to such electronic systems at a disadvantage, especially since the Tatkal scheme has a limited number of seats on a first-come-first-serve basis.
On 27 December last, the CBI arrested one of its officers, an assistant programmer, and an alleged accomplice, accusing them of trying to develop and sell an illegal software to book train tickets. The duo was remanded to police custody by a designated court.
The programmer developed a software for bypassing IRCTC's booking system and was selling it to agents for a lumpsum. In an indication of the serious criminal nature of the entire activity, the accused received payments for this illegal software allegedly through Bitcoins and hawala network.
The CBI raided 14 places in Delhi, Mumbai and Jaunpur, recovering about Rs 89 lakh in cash, gold jewellery worth over Rs 61 lakh, gold bars, 15 laptops, hard disks, 52 mobile phones, 24 SIMs and a few other items.
But the government tried to play all this down as a small loophole that it has plugged. The ministry said it has put in place safeguards like restricting the number of tickets an individual can book when Tatkal for a particular day opens.
Form-filling time checks have also been set to ensure the “time taken in online filling of reservation form by software is comparable to that of an individual filling the form manually”. For example, the standard form-filling time of passenger details in Passenger Detail Form has been set at 25 seconds, irrespective of the number of passengers.
The minimum time check for users to carry out payments has been set at 10 seconds. The minimum input time for CAPTCHA on Passenger Details Page and Payment Page has been set to 5 seconds.
Irrespective of these, the Railways' response has not been entirely honest. First, if an alien software can enable unusually fast and multiple data entry on IRCTC's website, that itself amounts to a bypass of the website's systems.
Second, the extent of the problem is much bigger than mere quick data entry. While making the arrests, the CBI clearly said the illegal software developed by the accused duped IRCTC's Tatkal ticket booking system.
IRCTC itself reported that at least 19 websites were providing similar illegal software. These websites included
It said it requested the Ministry of Electronics and Information Technology to block these websites, but it is not difficult for blocked websites to surface again with a different URL.
The CBI had conducted similar raids in 2012, busting a multi-crore ticket booking scam. The accused reportedly used more than hundred bogus personal user IDs to book confirmed tickets en masse within seconds.
Similar illegal softwares were detected then too and their resurfacing clearly establishes that the Railways has failed massively in protecting its systems from being compromised. It is high time the government stopped downplaying ticket-booking scams and took serious action to deal with this menace, once and for all.