Biometric Cloning: 2 Hackers Arrested For Copying Fingerprints And Withdrawing Money Using Aadhar Based Payment

AZAMGARH: Uttar Police cyber police have made another breakthrough in nabbing cybercriminals who were stealing money from the underprivileged by making clones of their fingerprints.

Azamgarh police said these cybercriminals used to go to customer service centres and clone their targets fingerprints and withdraw money from their bank accounts using Aadhaar Enabled Payment System (AePS).

Aadhaar Enabled Payment System (AePS) is a sort of payment system that is based on the Unique Identification Number and enables Aadhaar cardholders to make financial transactions effortlessly using Aadhaar-based authentication.

The AePS system aims to enable all members of society, particularly those in rural areas, to utilise Aadhaar to access financial and banking services.

According to the UP police investigation, hackers are abusing AePS, which allows customers to make payments using their Aadhaar numbers and provide Aadhaar authentication at the point of sale (PoS) or micro ATMs. But criminals are misusing the technology by making fingerprint clone and hiding their identity by using retina scan protector.

Police said the incident came to light after Manoj Kumar Sonkar reported that someone had withdrawn Rs 1.77 lakh from his ICICI bank account by using a forged thumb impression. Following the investigation, two cybercriminals were arrested who were identified as Manoj and Umesh Saroj.

MODUS OPERANDI

• The gang got information of their targets from the UP government’s “Stamp and Registration” website or other offices that gather paperwork. The website includes a soft copy of all the department’s register, as well as copies of Aadhar cards, pan cards, mobile numbers, and bank account numbers.
• Crooks print the thumb imprint from a duplicate of the Aadhar card on butter paper and use a stamper machine to clone the thumb impression.
• Using photoshop software, they alter the Aadhar card details by changing the photo, name, and address. A QR code generator app is used to create a new QR code. When the code is scanned, the desired name appears.
• Criminals purchase fake SIM card and make fake bank account using the fake Aadhar cards.
• Become bank correspondent (encouraged by banks) in the “online Aadhar payment system”. Then they transfer money from the victims’ account using the fake thumb impression of the victim and immediately withdraw the money.

Explaining the case, Triveni Singh, superintendent of Police cyber cell said, “During our investigation, we found that the money was withdrawn using AEPS. We found that victims’ never used their thumb impression to withdraw the money it was a gang of hackers who had cloned the fingerprints and Aadhar numbers of victims to carry out illegal transactions.”

Further investigation revealed that the gang learned the hacking and cloning technique through YouTube and the internet by which he made clones of thumb impression. They bought equipment for making cloned fingerprint from popular online shopping websites. They had a biometric machine, rubber thumb impression printer, gelatin, temperature modulator and other chemicals through which he used to make a clone.

The gang was using retina scans to protect to hide their identity.

Triveni Singh explained that for AEPS only fingerprints and Aadhar number is required. The customer does not receive an OTP, which is mandatory for any card-based payment.

“It is advised that two-factor authentication is followed for such transactions. This will only increase the security and it becomes difficult to bypass two-layer of security,” Singh said.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube