Could the Aadhaar card you possess be fake? You might just want to check.
According to Uttar Pradesh police, hackers have devised ways to bypass not just the Aadhaar biometric procedure of fingerprinting but also retina-scanning to come out with fake Aadhaar cards.
UIDAI refutes Wikileaks reports of Aadhaar data snoop, says system is secure
A Special Task Force (STF) of the police busted a State-wide network of hackers who allegedly bypassed the set standards of the biometric system of the Unique Identification Authority of India (UIDAI) and created fake Aadhaar cards through cloning of fingerprints.
The STF, which carried out the operation in Kanpur, arrested 10 persons on the charge of forgery and impersonation.
According to the STF, the accused would bypass the biometric norms of the UIDAI with fingerprint copies and tamper with the source code of the UIDAI application client (software used by Aadhaar enrolment agencies) to create a fake application client. They would then bypass the operator authentication process to create fake Aadhaar cards. The hackers would send the client application to unauthorised operators for a sum of ₹5, 000 each, police said.
A case has been registered at the Cyber Crime police station, Lucknow, under Sections 419, 420, 467, 468, 471, 474 and 34 of the Indian Penal Code, Sections 66 and 66C of the Information Technology Act and Section 7/34 of the Aadhaar Act.
After questioning the accused and through investigation, police explained the elaborate method of impersonation and fraud. The police operation followed the recent recovery of fake Aadhaar cards in Deoria, Kushinagar and Lucknow.
All that data that Aadhaar captures
As per the STF, the accused accessed the fingerprint impressions of authorised Aadhaar enrolment operators on the UIDAI system. They would then print out the fingerprints on butter paper. After this, the accused would create artificial fingerprints using polymer resin. They would log on to the Aadhaar website using the artificial fingerprints created by them.
The artificial fingerprint of the operator would then be used by multiple members of the gang to complete the process the Aadhaar card enrolment.
The police have recovered the devices and equipment used for impersonation, including 38 fingerprints on paper, 46 fingerprints manufactured by chemicals, two Aadhaar finger-scanners, two finger-scanning devices, two iris retina scanners, eight rubber stamps, 18 Aadhaar cards, a webcam, GPS equipment and a Polymer Curing Instrument.
Eleven laptops and 12 mobile phones were also seized.
Police say that previously Aadhaar operators would get access to the UIDAI client application through their fingerprints. However, when hackers started cloning finger prints, the UIDAI introduced retina scanning or IRIS as part of the authentication process, after which impersonation was brought under check. However, investigators are worried that hackers have created new client applications to hack and bypass the biometrics.
Police have decided to conduct a “security audit” of the entire Aadhaar enrolment process after it discovered that the norms of the Information Security Policy of Aadhaar were not followed by registrars, enrolment agencies, supervisors, verifiers and operators.
The STF arrested Saurabh Singh, alleged kingpin of the gang, from Kanpur on September 9. The other nine have been identified as Shubham Singh, Shobhit Sachan, Manoj Kumar, Tulsiram, Shivam Kumar, Kuldip Singh, Chaman Gupta, Guddu Gond and Satyendra Kumar. They belong to various parts of the State.