Connect with us

Hi, what are you looking for?


Haryana: Hackers Copy Thumb Impressions From Govt Website To Withdraw Cash

cyberthreat cyber threat ts 100703749 large 20210408115955

Hackers from Bihar took thumb impressions from a Haryana government website and withdrew money using the Aadhaar-enabled payment system (AEPS) through POS (point of sale) devices in an ingenious way to defraud naive victims.
The scammers accessed and downloaded sale deeds, according to the Faridabad police. They constructed silicon thumbs by copying thumb impressions of persons who carried out the deeds. They then used these thumb impressions and other information to make a cash withdrawal.

DCP Nitish Aggarwal has informed the Director of Land Records about the situation. “Because of easy availability of data, it is recommended that only the first page of the sale deed be made visible for the general public,”  Aggarwal explained. He also suggested that the website be audited to find any loopholes.

The situation surfaced during the inquiry of an incident in which a Ballabhgarh resident lost Rs 30,000 in her bank account due to fraudulent withdrawals. She had recently registered a deed. Three people were detained in Purnea, Bihar. Inspector Basant Kumar said, “They know about these loopholes as they had worked at a common service centre in Bihar.”   Land Records Director could not be reached for a comment.

Speaking to News18, Venkatesh Sundar, Co-founder and CMO of Indusface, a leading Tata Growth Capital-backed SaaS business said,  “The core of the issue here is a hacker got visibility into an ‘application loophole’ of access to fingerprint data of a user in a Sale deed form, before the application owners were aware of this risk or had time to fix it (in case they were aware of it).”

“In this case, an ‘application loophole’ was exploited to get access to fingerprint data of other users and it was used to create payment fraud. In another application, it can be the same fundamental for example; to get access to the past three transactions from a credit card or a bank statement which can be used for verifying on behalf of a client to create other types of fraud, the focus should not be on what type of fraud was committed, but on what caused it to be enabled and how can one mitigate it,” he added.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like


A video showing a baby with redness and cracks has gone viral, naming it ‘alien baby’ and ‘demon child’. The video claims that the...

National News

The CBI conducted investigations at 77 locations spanning 14 states, detaining ten suspects as part of a massive crackdown on online child sex abuse....


The much-awaited Khakee: The Bihar Chapter was released on Netflix on November 25 and since then Chandan Mahto, who is the main antagonist in...


Twenty days after its release, Rishabh Shetty’s ‘Kanatara’ continues to be the first choice for moviegoers. After a thundering response to the Kannada version,...