In a first, an FIR has been registered against three firms and the chairman of SKOCH group Sameer Kocchar and other individuals for attempting unauthorised authentication and impersonation by using stored Aadhaar biometrics and spreading false rumour about the Aadhar ecosystem .

The firms under the scanner are Axis Bank, Mumbai-based Suvidhaa Infoserve and Bengaluru-based eMudhra. The three firms have been served a “notice for action” under Aadhaar regulations. The individual booked in the case has been identified as Gaurav Vasant Nikam.

On the basis of UIDAI Assistant Director General Yashwant Kumar’s complaint with the cyber cell, FICN, Crime Branch of Delhi Police, the FIR was registered under sections 409, 419, 120B of the Indian Penal Code and section 66 and 66C of the Information Technology Act. 

The complaint was filed after UIDAI detected an exact biometric match in multiple consecutive transactions which the authority said was not possible without the biometrics being stored and their unauthorised use.

Kumar in the FIR alleged that an article published by chairman of Gurgaon based Think Tank Skoch group, Sameer Kocchar, claimed that Aadhar Authentication system is flawed and vulnerable. The article also claimed that it is possible that the authentication of the resident can be done by using stored biometric.

To substantiate the claim, Kochar had posted a video as a demonstration. On the evening of 13th February, Kochar used Twitter to spread false information/rumours that Aadhar has been hacked wherein he also referred to the said article.

The issue was enquired by the UIDAI Headquarters and it was found that the video posted in the said article presumably demonstrated a woman performing authentication under the name of Gaurav Vasant Nikam.

Thereafter the authentication records of Gaurav Vasant Nikam was checked and UIDAI officials noticed that he performed 397 biometric transactions between July 14, 2016 and February 9, 2017. Out of these, 194 transactions were performed through Axis Bank, 112 through eMudhra and 91 through Suvidhaa Infoserve.

But the question that popped up was that multiple transactions were performed concurrently with different Authentication Using agencies (AUA) — Axis, eMudhra and Suvidhaa — which suggested that these type of transaction were replayed by the developer, who is common for all the three AUA and attempted the illegal operations.

It was also observed that only one device was used per AUA, suggesting that only one developer performed the authentication, read the FIR.

Further the profile of Nikam was checked on Facebook and linked-In, and his biometrics which were used, showed an address which matched the demographic records of Aadhaar. Police said they are investigating to establish the whereabouts of Nikam and there are indications that there could be more persons involved in this racket.