A sophisticated cyber heist in Amroha, Uttar Pradesh, has exposed critical vulnerabilities in India's Aadhaar biometric identification system, where cybercriminals successfully cloned SIM cards and stole biometric data from over 1,500 citizens across 12 states. This elaborate fraud network, operating primarily from Badaun and Amroha districts, represents one of the most significant identity theft operations uncovered in recent years.
The criminal enterprise was masterminded by Ashish Kumar, a BTech dropout, who developed sophisticated counterfeit websites that closely resembled official Aadhaar and Passport Seva portals. These fake platforms enabled the gang to input fraudulent data and generate forged documents, including passports, with access sold to a network of 200 to 300 agents spread across multiple states.
The cybercriminals employed advanced technical methods to bypass UIDAI security systems, including cloning credentials of authorized Aadhaar operators and copying sensitive biometrics like iris scans. They utilized specialized software to overcome geo-fencing restrictions that normally prevent remote access to Aadhaar portals, allowing them to upload tampered biometric data from unauthorized locations.
A key component of their operation involved manipulating fingerprint scanners to accept silicone-molded fingerprints created from impressions collected from legitimate operators and vulnerable individuals, many from underprivileged backgrounds. These altered scanners successfully fooled the system's biometric authentication, bypassing Aadhaar's real-time security locks.
The fraud network charged clients between ₹2,000 and ₹5,000 for illegally updating personal details such as names, birth dates, addresses, or mobile numbers on Aadhaar cards. The operation extended beyond Aadhaar manipulation to include creating fake birth certificates and ration cards to support fraudulent identity changes.
Following stricter verification protocols introduced in December 2024, the gang adapted their tactics, using forged documents on third-party platforms to create over 20 fake passports, several of which were successfully uploaded into the UIDAI system. Investigators recovered at least 400 forged supporting documents during the investigation.
The joint cyber team, supervised by SP Sambhal Krishna Kumar Bishnoi and ASP Anukriti Sharma, arrested four key players: Ashish Kumar, Dharmender Singh, and Raunak Pal from Badaun, and Kasim Hussain from Amroha. All accused face charges under the Aadhaar Act, Information Technology Act, and Passport Act for identity theft, cheating, and unauthorized access to protected systems.
This case highlights significant security gaps in India's digital identity infrastructure and the sophisticated methods employed by cybercriminals to exploit biometric authentication systems.
