It was a eureka moment for the cyber crime cell when they got their hands on the prime accused in the Aadhaar data theft case. But investigators were in for the shock of their lives when their prize catch Abhinav Srivastava displayed his hacking tricks.
Abhinav Srivastava gave a six-hour presentation on his modus operandi with which he would easily hack into the government website to access Aadhaar data.
The entire demonstration was recorded on a video camera.
"He said the absence of Hypertext Transfer Protocol Secure (HTTPS) from the URL helped him hack into the e-hospital website. HTTPS is the secure version of HTTP (Hypertext Transfer Protocol)," a source said, adding, "All communications between the browser and the website were not encrypted. HTTPS is often used to protect highly confidential online transactions like banking and shopping order forms."
Srivastava, an MSc graduate from IIT-Kharagpur, was recently arrested for allegedly hacking into e-hospital server hosted by the National Informatics Centre (NIC), a KYC user agency (KUA) which has tied up with the Unique Identification Authority of India (UIDAI) for Aadhaar authentication services. He allegedly hosted the Aadhaar e-KYC app on Google Play store. Anyone clicking on it could gain access to Aadhaar data available on the server. Srivastava, however, reiterated that he had no criminal intent.
"I developed the app giving out e-KYC details, thinking it would help the common man access Aadhaar information. I had no other intention," police said quoting him.
It is to be noted that hacking into any server itself is a criminal act.
"He's trying to convince us that he is not a hardcore criminal but that can only be decided after the investigation is over," a Central Crime Branch (CCB) officer said.
Laptops and hard disks seized from Srivastava's residence have been sent to Forensic Science Laboratory (FSL) by the CCB.
"We need to carefully examine the gadgets as they contain all the information of his activities," a CCB official said.