Abhinav, who describes himself as a hacker in some online profiles, has in the past worked as a security researcher at Iviz Security and has experience in exploring vulnerabilities in Internet Payment Gateways, according to some online profiles he has provided. (Representational)

AN IIT-KHARAGPUR graduate accused of accessing the central identities data repository of Aadhaar scheme without authorisation through an online app — eKYC Verification — had developed it in his independent capacity as a software developer, according to people associated with the firm he had founded, his present employer, and those close to the alleged hacker. The app is not a property of either taxi hailing firm Ola (ANI Technologies Ltd), where he is now employed, or his own start-up Qarth Technologies, which Ola had acquired in March 2016, they said.

Abhinav Srivastava, a software security expert who now works with Ola, has been accused by the Unique Identification Development Authority of India (UIDAI) of illegally accessing the Aadhaar data repository. According to the complaint, he had developed the app and placed it on Google Play Store. Prerit Srivastava, Abhinav’s co-founder at Qarth Technologies and from the same 2009 batch of IIT-Kharagpur, who also currently works with Ola, said, “I am sorry, I was not involved with it.”

The app, which delivered demographic data such as names, addresses, phone numbers of individuals from the central identities data depository of Aadhaar to authenticate unique identity numbers, was developed by a unit called myGov — linked to the IIT-Kharagpur start-up Qarth Technologies Pvt Ltd. Archival online data suggest the app was on Google Play Store until at least June this year. The UIDAI has accused Abhinav and an accomplice of illegally accessing Aadhaar data between January and July 26 this year.

A source associated with the techie said, “The app was developed in his personal capacity and placed on the Google store – a lot of developers do this kind development. It has now been disabled. There was no wrong intent in developing the app. There are other similar apps.” In a statement issued in response to queries regarding the controversial app being a part of the portfolio of apps developed by Qarth Technologies Pvt Ltd, Ola, said, “Ola has neither commissioned nor is involved in any such activity’’.

It also said, “No such complaint has been brought to our notice’’. Ola bought Qarth Technologies last year primarily for the mobile wallet app called X-Pay, which was developed with Prerit as the company CEO and Abhinav as its CTO. According to start-up industry experts, X-Pay is the “fastest way to make person-to-person payment in India, with transaction time as close to 10 seconds”.

Abhinav, who describes himself as a hacker in some online profiles, has in the past worked as a security researcher at Iviz Security and has experience in exploring vulnerabilities in Internet Payment Gateways, according to some online profiles he has provided. One of his profiles says he has “built tools for exploring Flash Vulnerability’’, which apparently received the appreciation of world-renowned hacker Jeremiah Grossman, the founder of web security firm WhiteHat Securities.

Based on UIDAI’s complaint against Abhinav and other unidentified people, Bengaluru Police have filed a case for offence under Section 37 and 38 of The Aadhaar (Targeted delivery of financial and other subsidies benefits and services) Act, 2016. It holds them guilty of illegal use of Aadhaar data and gaining access without authority to the central identities data repository.

They have also been booked under Sections 65 and 66 of the Information Technology Act, 2000 for tampering with computer source documents and computer-related offences. In addition, Indian Penal Code sections for criminal conspiracy and forgery have been invoked.

“We do not know the number of people whose unique identity was verified using this app. It is a highly technical investigation and it has only begun,’’ a senior officer of Bengaluru Police had earlier told The Sunday Express.

http://indianexpress.com/article/india/iit-graduate-accused-of-hacking-aadhaar-data-built-app-on-his-own-4773549/