The ongoing denial of UIDAI and the government of Aadhaar vulnerabilities remains a concern. Many people don’t understand how Aadhaar could be a problem. There are many and documented ways where the integrity of Aadhaar data is already rendered questionable, but here are some ways that anyone could pull off with some effort.
For the purposes of this post – you are a scammer. A criminal.
Step 0: Acquire a few photocopies of Aadhaar
This is the starting point. Your Aadhaar number is supposed to be known only to yourself, but the reckless linking of Aadhaar with everything has ensured that photocopies of Aadhaar are, in reality, being handed out to anyone from international couriers to schools. If you’re inclined to be a criminal, there is probably no shortage of sources of Aadhaar numbers. No, it doesn’t matter even if people have written the purpose and signed on them. You could probably randomly collect a few photocopies of Aadhaar from people by making it “mandatory” – like your driver or maid must give you a copy of their Aadhaar to get their salary, or for police verification, etc. Help old people in the neighbourhood to book railway tickets and ask for Aadhaar number – you don’t need it, but gullible people don’t question. Just invent an excuse – it doesn’t have to be true – you are a scammer, after all. If one person refuses, ask another. Not many refuse. You’ll soon hit pay dirt. Govt has taught people to hand around their Aadhaar for anything and everything. And just like that, the allegedly secret number is yours.
Now, depending on what kind of a criminal you wish to be….
You’re a terrorist, or stalker or need to share fake news on WhatsApp…. you need a phone number.
Give that photocopy to any telecom operator and get a SIM card – this one is easy. Frankly, it will work with any ID. Not just Aadhaar. But Aadhaar is better, because then you attach it to the new phone number and sort of build that identity proper to be the foundation of other scam documents to be a full and proper ghost.
Say you have black money you need to park, etc. Things that need you to actually be a person.
Go to the UIDAI website. Download the form for updating Aadhaar details by post. Photocopy some ID, change the name and address to match that of your target Aadhaar you want to take over and attach to form. Fill the form, but in the place of the phone number, put the new number you got in the previous scam. Just in case someone is alert at UIDAI, save it on a couple of phones with that name and install true caller. Feel free to add a fake email also. So someone checking the number sees right name in true caller as well as telecom operator’s records. Post the form. That Aadhaar card will now be updated to work with your OTP. Enjoy. You can get an Udyog Aadhaar and qualify for a business loan, you can validate it for passport, etc. There is no way for the person to easily realize that the phone number was switched, so it will be a while before they realize what has happened. Even if a duplicate Aadhaar card gets posted to them, it will have no changed information (phone isn’t on the card – or even biometrics – they could have an empty document and not know it). By then, unless they do biometric PDS, you could use an OTP to switch the biometrics for you too and properly make it yours.
Rent a flat using that Aadhaar, register the lease, open bank account. Put some money there to evade taxes. Whatever. Oh, get another PAN if it is a lot of money. No one would believe Aadhaar can create a ghost. After all, govt has guaranteed it removes ghosts.
You are an illegal immigrant living in some slum. You’d like PDS, but you don’t qualify.
Fikar not. Aadhaar makes it easy. Keep an eye out for someone who dies in your area. Say you know people in the rationing office and can get the name of the dead person removed from their card for them. Take the card, update the dead person’s name with your Aadhaar. Aadhaar overwrites the person’s data on the ration card – name, age, sex, everything. Voila. You are now on their card. I suppose you should now remove your name from it and apply for a separate card, “because you’ve moved out to your own place”. Oh, don’t forget to return the ration card of those nice people, with the dead person’s name nicely removed and all. Oh, congratulations! You are also a citizen, if you weren’t, before.
There are endless ways, really, because the reckless imposition of Aadhaar has resulted in it being accepted for far more than what Aadhaar data is capable of actually verifying. Money transfers via Aadhaar? No problem. The government has gone to great lengths to enable it during demonetisation. Need more gas cylinders than your subsidy gives you to use in your restaurant? Sure, just scramble the address a bit, so computer doesn’t recognize as identical.
This is a threat to individual safety as well as national safety. Both physical and financial.
And I haven’t even mentioned leaked databases (there you go – thousands of aadhaar numbers and addresses) or privacy issues (govt says we don’t have a right to privacy, apparently) or denial of basic necessities to poor and desperate people (we don’t care about them anyway). I haven’t even talked of countless mobile SIM service people who could simply duplicate your SIM – and the Aadhaar number to verify is attached to the phone number! I suppose soon scammers will be paying bribes to get jobs in mobile operator service centers.
Are you still a fan of Aadhaar?
Disclaimer: This post is for educational purposes and does not endorse anyone actually indulging in criminal activities. I have not done any of the above. I would like those still insisting that Aadhaar is safe to explain how they would prevent any of this.
6 thoughts on “3 Aadhaar vulnerabilities that anyone could exploit”
This is bogus post. Mobile number can only be updated when you go to the UID center. Also, interlinking of ID ensures that any intrusion is detected very easily.
The form provided is as per UIDAI instructions and linked to the UIDAI website. Perhaps you know better than them how things work?
When I tried to change my mobile number (I still have to do it), I found out I need to go to UIDAI centre and verify my biometrics. So I guess all this is not as easy as you make it sound. And identity theft has been around even before Aadhar. I am not a fan of Aadhar or the government but trying to make an informed and rational inference here.
How anyone else’s Aadhaar photocopy or letter can be used for getting a new mobile sim?
You have to go to a small shop that will do it without biometric authentication and take the photocopy as a document.
Your fingerprint will be stolen from mobile shop, printed in transparency, used to clean bank a/c via #AADHAAR pay, sell property at #AADHAAR enabled registration office, update your mobile number in #AADHAAR database.
You will call 1947 to report your #AADHAAR bio-metrics theft, they will ask you email firstname.lastname@example.org, you will email every day, UIDAI will respond after 10th attempt asking you to lock your bio-metrics, you will lock it, criminal will now go to an #AADHAAR enrollment center wearing your fingerprint and unlock your bio-metrics and update your mobile number in #AADHAAR database. You will get fed up and go to police to file FIR, they will tell you that only UIDAI can file FIR for any #AADHAAR related crime, you will go to court and ask UIDAI to compensate for your bank balance, property loss, they will show you aadhaar act telling you that you agreed to terms and conditions that you are solely responsible for your #AADHAAR bio-metrics thefts, #AADHAAR mongers are just there to make trillion dollars profit out of billion demographics and bio-metrics details.