ದಿ ಯುಐಡಿಎಐ keeps insisting that Aadhaar is secure. Biometics can’t be bypassed, enrolment software can’t be hacked, and so on. So I put together a quick list. This list is under construction. Keep checking for updates.
- April 2012: An enrolment agent was found to have issued 30,000 Aadhaar cards in a span of six months. 800 of these were enrolled using biometric exceptions for disabled people and when the police were asked to verify, they found that none of the disabled people lived at the addresses provided One Mohammed Ali, employee of IL&FS was arrested in this matter. Later, it was discovered that Mohammed Ali’s employment had been terminated in September of the previous year, and employees at 20 different centres in the city had been using his credentials to login and create Aadhaars. This was supposed to not be possible, but a flaw in the registration software allowed it.
- June 2012: Also in Hyderabad and also IL&FS. Seven were arrested including IL&FS officials and a ಪಡಿತರ card shop owner, when it was found that an ಮಾಜಿ ಉದ್ಯೋಗಿ ಅಧಿಕೃತ ಲ್ಯಾಪ್ಟಾಪ್ ಎರವಲು to conduct some 60 enrolments, at least 13 of which were fraudulent and for the purposes of ration card fraud. In this case, it appears that the arrested person used his own fingerprints, which is how he was caught, but it is unclear how an ex-operator’s fingerprints were accepted by the system.
- ದಿ ಆಧಾರ್ Aasara ಹಗರಣ saw 3 individuals between ages 20 and 30 arrested when it was found that they created fraudulent Aadhaar cards to receive government old age pensions of Rs. 1000 per month to the tune of Rs. 50 lakh.
- ದಿ ಕಾನ್ಪುರ ಆಧಾರ್ ನೋಂದಣಿ ಸ್ಕ್ಯಾಮ್: the software was patched to bypass iris authentication and copies of fingerprints of authorized operators were used to login and create or update Aadhaar cards.
- YouTube ನಲ್ಲಿ ವೀಡಿಯೊಗಳು ಪ್ರದರ್ಶಿಸಲು ತೇಪೆ ಫಾರ್ ಆಧಾರ್ ದಾಖಲಾತಿ software (and updates) and provide PayTM account details to pay for the patch in order to buy it.
- ಏಷ್ಯಾ ಟೈಮ್ಸ್ ವರದಿ ಸೀಳು ECMP ಸಾಫ್ಟ್ವೇರ್ that worked “out of the box” – it came preconfigured with valid credentials of operators and a patch to bypass geographical restrictions that prevented access from unauthorized locations.
- ಬಯೊಮಿಟ್ರಿಕ್ಸ್ ಮತ್ತು ರಾಷ್ಟ್ರೀಕೃತ ಬ್ಯಾಂಕ್ ಅಧಿಕಾರಿ ವಿವರಗಳು Prashant Morvadiya were sold on a pen drive for Rs. 6000 to enable access to update Aadhaar data using his credentials, in a ಹಗರಣ the police believe to be operating for a year when it was caught.
- ಅಮ್ರೋಹಾ ಆಧಾರ್ ನೋಂದಣಿ ಸ್ಕ್ಯಾಮ್ used methods similar to the Kanpur Enrolment Scam, with copies of authorized operator’s fingerprints.
- ಯುಐಡಿಎಐ ಸ್ವತಃ ಒಪ್ಪಿಕೊಂಡಿದ್ದರು 20th June, 2017, that there are reports of biometrics being hacked, which is why it raised the penalty for bypassing biometrics to one lakh. “Due to various cases of bypassing the operator biometric capture being reported, UIDAI has decided to impose a penalty of Rs 100,000 per enrolment station found to be bypassing the operator biometric.”
- ಗಳನ್ನೂ ಆವೃತ್ತಿ of the Aadhaar enrolment software being sold on WhatsApp.
- ಆಧಾರ್ ಕಾರ್ಡ್ ನೂರಾರು ಕಂಡುಬಂತು ನಕಲಿ ದಾಖಲೆಗಳ ಬಳಸಿ in Moga.
The title of this post is inspired by this tweet:
Nandan :- @India_Stack ಡಿಜಿಟಲ್ ಹೆದ್ದಾರಿಗಳು ನಿರ್ಮಿಸುತ್ತದೆ
— Srikanth ஸ்ரீகாந்த் (@logic) May 6, 2018