Abhinav Srivastava(31), an IIT Kharagpur graduate who has been arrested for hacking into the central identities data repository of the Unique Identification Development Authority of India’s (UIDAI) Aadhaar project gained access to the repository through the Digital India e-hospital initiative of the Ministry of Electronics and Information Technology.
At the time of his arrest, Srivastava was employed with Ola after the start-up Qarth Technologies he created, with a IIT Kharagpur batchmate Prerit Srivastava, was acquired by Ola in March 2016 in order to take over an e-wallet app called X-pay developed by the start-up.
What he did was created a app named ‘eKYC Verification’ to mimic the requests of e-hospital app, which was not having any mechanism to check if the request is from e-hospital app or from other source. Also the data was sent over HTTP, but HTTPS which is a norm for any website in todays web for secure communication.
The reality is the e-hospital app has simple security flaw, the company which devloped should be barred/fined not proper testing/auditing the code. From my point of view Srivastava should be rewarded big cash bounty for exposing the security flaw the system which compermises Indians at risk.
What will be the news if he was a Muslim. The titles of the news would have flashed with “Terrorist” word.