List of Websites Providing Illegal Software for Tatkal booking
In Lok Sabha today Shri Pankaj Chowdhary and Sushmitha Dev asked questions regarding illegal sofware for tatkal booking.
The issue of misuse of automation software on www.irctc.co.in for booking Tatkal tickets has been reported from time to time. Indian Railway Catering and Tourism Corporation (IRCTC) had reported that several websites viz., www.tatkaltkts.com, www.tatkalsoft.co.in, www.tatkalaap.com, www.tatkalsoftservice.com, www.tatkalsoftwareall.com, www.tatkalsoftware.co.in, www.ixotrip.com, www.sparkindia.net, www.tsystem.in, www.tatkalsoft.blogspot.in, www.tatkaltkt.com, myrailinfo.in, tatkalguru.in, irctc-pro.soft112.com, freetatkalsoftware.com, ctrlq.org/irctc, www.sparkindia.co.in, tatkalworld.wc.it and www.blackts.software.com were providing the illegal software for Tatkal booking.
Recently, Central Bureau of Investigation has also filed an FIR (First Information Report) against its own staff and others on the allegation of unauthorised carrying out of business of procuring and supplying of railway tickets using illegal software.
The Ministry of Electronics and Information Technology, Government of India was requested to block the above websites.
IRCTC has also lodged complaints at Delhi, Mumbai, Kolkata, Nagpur and Lucknow with respective Cyber Crime Cells.
The issue has also been brought to the notice of Central Bureau of Investigation(CBI) by Railway Board Vigilance for further investigation as the people involved in such activities were beyond the jurisdiction of Railway Vigilance, being non-Railway persons. CBI/Bengaluru to whom such a complaint was forwarded by Railway Board Vigilance has informed that they arrested one person in the matter and charge-sheet has also been filed against this person by them. Railway Vigilance also conducts regular preventive checks in mass contact areas to prevent malpractices in e-ticketing including Tatkal.
The technical teams of Centre for Railway Information System (CRIS) and Indian Railway Catering and Tourism Corporation (IRCTC) have investigated the matter and informed that none of the system checks have been bypassed by use of these softwares. The softwares only facilitate quick data entry as compared to the time taken by an individual. In order to negate advantage of quick data entry by these softwares, following checks have been implemented:
1. Form filling time check: These checks ensure that the time taken in online filling of reservation form by software is comparable to that of an individual filling the form manually. The system does not accept submission of form before the stipulated time check.
2. Restriction on number of tickets: There are restrictions on number of tickets that can be booked in Tatkal opening time by a user from one user ID and also the number of tickets that can be booked from an IP address.
3. Technical checks to prevent automation softwares have also been implemented. Some of these checks include CAPTCHA, One Time Password for Net-banking and Dynamic form fields.
4. Regular security audit by Standardization, Testing and Quality Certification (STQC) Directorate of Ministry of Electronic and Information Technology, Government of India is also being got conducted for e-ticketing website. Real Time feed of internet traffic on the e-ticketing system is forwarded to CERT-IN for security monitoring and alerts.
Several additional checks and procedures as under have also been implemented:
1. Standard Form Filling time of passenger details in Passenger Detail Form is set at 25 seconds irrespective of number of passengers.
2. Minimum time check of 10 seconds for users to carry out payments.
3. Minimum input time for CAPTCHA on Passenger Details Page and Payment Page is set to 5 seconds.
4. CAPTCHA is provided at Login page, Passenger detail page and Payment page.
5. Only two Tatkal tickets can be booked for single user ID in Opening Tatkal from 10:00-12:00 hrs.
6. Maximum six tickets in a month can be booked by a user from one user ID, however, 12 tickets can be booked by a user in a month if the user ID is Aadhaar verified and one of the passengers is Aadhaar verified.
7. Only one Tatkal ticket in single session is allowed (except return journey).
8. Only two Tatkal tickets per IP Address between 10:00-12:00 hrs. are allowed
9. One user can have only one login session active at one point of time.
10. Quick book functionality (single page for booking tickets) is not allowed between 08:00-12:00 hrs.
11. Only two tickets of Opening Advance Reservation Period can be booked by a user between 08:00-10:00 hrs.
12. One user can do only one login at one point of time either from multiple windows of same browser or different browsers.
13. Implementation of Dynamic Field name on Passenger page.
14. One Time Password is mandatory for all Banks for Net Banking.
15. QR Barcodes are being printed on Electronic Reservation Slip.
16. Additional security question is asked from user randomly after passenger input page related to user personal information, e.g. user name, email, mobile number, check box etc.
17. Agents are not allowed to book tickets between 08:00 AM to 08:30 AM, 10:00 AM to 10:30 AM and 11:00 AM to 11:30 AM to prevent cornering of tickets at the time of opening of Tatkal and Advance Reservation Period bookings.
18. Aadhaar Card is mandatory for Agents registration.
19. Exception Reports are generated for suspicious IDs and time check violation attempts and for bookings done in first second of opening of ARP and tatkal bookings. Such user IDs are deactivated manually after analysis.
20. Multilayer security with Deep Defence is implemented in the e-ticketing system. It comprises of Frontend and Backend Firewall, Network Intrusion Prevention System, Web Application Firewall, Security Information Event management, Host Intrusion Prevention System, Operating System Hardening on all servers, Web/Application server Hardening, Database Server Hardening and Spring Security Framework in the Application Software.
Consultations have been held with National Technical Research Organisation (NTRO) for further strengthening the security of the system.
The above information was provided by the Union Minister of Railways and Coal Shri Piyush Goyal in written reply to a question in Lok Sabha today.