Bengaluru police on Tuesday arrested 31-year-old IIT-Kharagpur post graduate on grounds of for allegedly hacking and illegally accessing the server of the Unique Identification Authority of India (UIDAI).
For a situation featuring the security flaws in the Unique Identification Authority of India (UIDAI), authorities have filed a case against Abhinav Shrivastava and others of Qarth Technologies Private Limited for allegedly spilling the highly confidential Aadhaar information. According to the complaint filed by UIDAI’s deputy director, Abhinav Shrivastava, director of Qarth Technologies, had developed an android application that provided access to e-KYC archives. The archives were made public without UIDAI or other concerned authorities permission.
Abhinav Srivastav, a resident of Kanpur is suspected to have stolen statistic information which includes address, cell phone number, email address, age, and sex – of no less than 40,000 Aadhaar cardholders by hacking into the UIDAI database. Police stated that he has not gotten to any biometric information like fingerprints and iris scans.
Srivastav is currently working ANI Technologies, Ola’s parent company, as a software developer and has been blamed for getting to Aadhaar data in January 2017 through his application’, which was accessible from the Google Play store till recently.
Police said Srivastav had created five applications and made ₹40,000 from advertisements only and are currently examining all his applications to see whether more violations were conferred. The Aadhaar e-KYC application was downloaded more than 50,000 times from the Google Play store since its release in January.
“We would like to question his motives for hacking and stealing the information and how he managed to access the server of UIDAI,” additional commissioner of police (crime) S Ravi said.
A senior cyber crime police official said Srivastav has portrayed himself as an ethical hacker in some online profiles. “His personal data shows that he had worked as a security researcher with Iviz Security and successfully explored vulnerabilities in internet payment gateways. Most importantly, one of his profiles says he “built tools for exploring Flash Vulnerability”, which apparently received the appreciation of world-renowned hacker Jeremiah Grossman, the founder of web security firm WhiteHat Security. So we cannot take him or his works lightly,” he said.
The case has been sent to CID’s cyber crime cell. The grievance has been enrolled under Sections 37 and 38 of the Aadhaar Act. The cyber crime police enrolled the case under Sections 65 and 66 of the Information Technology Act and Sections 120B, 468 and 271 of the Indian Penal Code.