Representative image

BENGALURU: Abhinav Srivastava, prime accused in the Aadhaar data theft case, stunned investigators on Saturday with a six-hour demonstration explaining the shortcuts he used to hack into websites.

He disclosed the modus operandi he used to hack into the government website to access Aadhaar data. The cyber crime sleuths recorded the entire process on a video camera. “He said the absence of Hypertext Transfer Protocol Secure (HTTPS) from the URL helped him hack into the e-hospital website. HTTPS is the secure version of HTTP (Hypertext Transfer Protocol),” a source said, adding, “All communications between the browser and the website were not encrypted. HTTPS is often used to protect highly confidential online transactions like banking and shopping order forms.”

An MSc graduate from IIT-Kharagpur, Srivastava was recently arrested for allegedly hacking into e-hospital server hosted by the National Informatics Centre (NIC), a KYC user agency ( KUA ) which has tied up with the Unique Identification Authority of India (UIDAI) for Aadhaar authentication services. He allegedly hosted the Aadhaar e-KYC app on Google Playstore. Anyone clicking on it could gain access to Aadhaar data available on the server. The hacker, however, reiterated that he had no criminal intention.

“I developed the app giving out e-KYC details, thinking it would help the common man access Aadhaar information. I had no other intention,” police said quoting the accused. Senior officials told Srivastava hacking into the server itself was a criminal act. “He’s trying to convince us that he is not a hardcore criminal but that can only be decided after the investigation is over,” a Central Crime Branch (CCB) sleuth said. Laptops, hard disks have been sent to FSL. CCB police sent the four laptops and one hard disk they seized from Srivastava’s residence to the forensic science laboratory. “We need to carefully examine the gadgets as they contain all the information of his activities,” a CCB cop said.

