NEW DELHI : In one of its biggest crackdown on illegal ticketing in the railways, the RPF has arrested a madrassa-educated, self-taught software developer from Jharkhand in a racket which has links to Pakistan, Bangladesh and Dubai with suspected involvement in terror financing, a senior official said on Tuesday.

Ghulam Mustafa (28), who was arrested from Bhubaneswar, has a team of programmers working for him. He started his career in 2015 touting counter tickets in Bengaluru and then graduated to e-tickets and illegal software, the RPF official said.

"For the last 10 days, the IB, Special Bureau, ED, NIA, Karnataka Police have interrogated Mustafa.

"Dimensions of money laundering and terror financing are suspected," Railway Protection Force (RPF) Director General Arun Kumar said at a press briefing.

Kumar said Mustafa has 563 personal IRCTC user IDs, and a list of 2,400 SBI branches and 600 regional rural banks where he is suspected to have accounts.

He also said Mustafa used software to access darknet, and Linux-based hacking systems were found on his laptop.

An Indian software company with branches across the country and abroad has also come under the scanner for having links to the racket, Kumar said, refusing to name it. He, however, said the company has been involved in a case of money laundering in Singapore.

"Mustafa's phone has many Pakistani, Bangladeshi, Middle-Eastern, Indonesian, Nepali numbers as well as six virtual numbers. There was also an application to create fake Aadhaar cards," Kumar said.

The DG said analysis of Mustafa's laptops, which were highly encrypted, revealed that he is a follower of a Pakistan-based religious group.

Mustafa's digital footprints were found on government websites, he said.

The RPF chief named Hamid Ashraf as the mastermind of the racket which is suspected to generate revenue of ₹10-15 crore per month.

Ashraf, who is also a software developer, was involved in the bombing of a school in Uttar Pradesh's Gonda district in 2019 and is now suspected to have fled to Dubai, Kumar said.

"The first aim of these organised rackets is to generate cash. Once that money is amassed, then they turn towards terror financing. All the information gathered from them has indicated a link to terror financing and money laundering," he said.

Describing the operation, the DG said Ashraf is suspected to have a technical team to maintain the cloud-hosted servers. He has 18-20 lead sellers or super admins in India who handle the money and send to Hamid through various hawala accounts and crypto currency, Kumar said.

Then there are around 200-300 panel sellers who buy the software panel from lead developers and forward it to agents.

"One panel is a set of 20 IDs bought with ₹28,000 per month. They forward the IDs and software to agents. Roughly 20,000 agents are there in India who use the illegal software for booking. About ₹10-15 crore black money is generated per month in cash through this," he said.

The investigators are now trying to apprehend another person of interest who is called "Guruji" by the organisation who appears to be involved in the finance management of the gang.

"He is higher up the pecking order of the gang and a technical expert. He will be picked up soon. He uses Yugoslavian number and VPN (virtual private network). He received around ₹13 lakh from Mustafa recently through bank transfers involving 71 transactions," the RPF DG said.

Kumar said the illegal software, ANMS, bypasses IRCTC's login captcha, booking captcha and bank OTP to generate tickets.

For a genuine user, the booking process usually takes around 2.55 minutes, but for the software it takes around 1.48 minutes, thereby booking tickets much faster.

It also enables simultaneous login through several user IDs with pre-filled data, thus managing to corner most of the confirmed tickets.

This story has been published from a wire agency feed without modifications to the text. Only the headline has been changed.

Subscribe to Mint Newsletters * Enter a valid email * Thank you for subscribing to our newsletter.

Share Via