The government abets cybercrime
By RN Bhaskar
The image has been generated through https://deepai.org/machine-learning-model/text2img
On 30 June 2025, news headlines talked about how the digital-gold website of Aditya Birla Capital Digital (ABCD) had been hacked (https://www.livemint.com/news/digital-gold-hackers-struck-aditya-birla-capital-digital-weal-encyption-cyber-criminals-ey-india-data-privacy-11751192030975.html). The company said that it had restored the clients’ gold lost to hackers and conducted a forensic audit of the matter.
The news report stated, “On 24 June, ABCD filed a first information report (FIR) with the cyber cell of the Mumbai Police, stating digital gold of ₹1.95 crore was sold off without customer consent. The company’s information security team found digital gold from 435 accounts was sold without authorization on 9 June. The complaint also said an unknown person had hacked the API endpoint of the ABCD app.”
The proceeds from these unauthorized transactions, the complaint said, were transferred into several bank accounts. Since transfer to an overseas account would have invoked RBI firewalls, it is reasonable to believe that these recipient accounts had to be in India.
Bogus accounts
Most of the accounts to which the proceeds were transferred are believed to be bogus or benami accounts. That is why the people behind the heist cannot be identified. That raises critical issues. This is because the root cause of bogus or benami accounts can be traced to Aadhaar cards. Doesn’t this create a fertile ground for cybercrime?
First, there is a proliferation of Aadhaar cards, making it one of the most insecure identification tools. As many as nine states have more Aadhar cards than the local populations (Free subscription — https://bhaskarr.substack.com/p/indias-election-peril-aadhaar-and). This is compounded by the government’s inability to remove the names of dead persons from the Aadhaar list (free subscription — https://bhaskarr.substack.com/p/ghosts-at-the-voting-booth). So, you have ghost Aadhaar cards that continue to float around. A big incentive for cybercrime.
Second, the government complicated the financial environment by insisting that banks should allow people to open savings bank accounts using only their Aadhaar cards. This was reiterated by UIDAI vide its Circular of 23 October 2018 A similar confirmation had been issued earlier by the RBII.
Swelling bank account numbers
Not surprisingly, the number of bank accounts swelled. ‘Data for India’ estimates that there are now nearly 2.5 billion bank accounts held by individuals in India, as reported by banks (https://www.dataforindia.com/access-to-banking/).
In the past, no person could open a bank account without two independent persons holing accounts in the same bank, testifying to the identity of the applicant. Tracking a bank account holder was thus easier. Today, this is not possible. The measure of identification was dispensed with. Just what encourages cybe3rcrime.
Thus, bogus Aadhaar cards could now result in bogus accounts as well.
PAN Cards also swell
This was further complicated by the government asking banks to give PAN cards to bank account holders. That led to a surge in PAN cards as well (https://asiaconverge.com/2021/02/budget-2021-hurts-both-banking-and-atma-nirbhar-bharat/).
A further twist was introduced by NPCI, which stated that it did not keep logs of transactions, and that it “overwrites” the old account number with the latest account number — do note: not append, but overwrite (https://asiaconverge.com/2018/02/how-aadhaar-and-npci-together-open-the-door-to-major-frauds-and-impersonations/).
So, you now have savings accounts that are visible to the tax authorities, allowing them to launder money in small quantities each year.
Effectively, any cyberthief can transfer ill-gotten proceeds to any bogus account, and remain untraceable.
How serious is the problem?
Very serious. For several reasons.
First bogus Aadhaar cards are now sought to be linked to election cards as well. This means that the number of bogus votes for the next general elections will swell (free subscription — https://studio.youtube.com/video/TLkG2jpbQmY/edit). That would make a mockery of the concept of India as a democracy.
Second, the bogus bank accounts and PAN cards have given cyber criminals access to additional phone connections as well in the name of these bogus entities.
Third, with the help of some friendly backroom operatives, it is easy to get OTPs sent to these bogus numbers, or even to disable existing phones temporarily diverting the OTPs to a cloned phone. Of course, there is the carelessness on the part of customers who can download malware to make this possible.
Compounding all this is the absence of an e-commerce regulator. That would allow an independent authority to check the interplay of all systems, monitor apps, and flag issues that urgently need to be addressed. The government promised to have one in place in 2016. But it has dragged its feet on this issue all alone (https://studio.youtube.com/video/QIfiZFMTR4Y/edit).
The problem with NCRB
There is another problem. The data from NCRB which is given above is for the period ending 2022. Even the government statement of 18 March 2025 (https://www.pib.gov.in/PressReleasePage.aspx?PRID=2112244) refers to the 2022 data only. Similarly, the government makes promises about dealing with cybercrimes with lightning speed, and registering FIRs promptly (https://www.pib.gov.in/PressReleasePage.aspx?PRID=2129715). But why hasn’t basic data on cybercrimes been made available for subsequent years? Not having data allows a problem to fester.
NCRB poses another problem. I accessed its website on 3 July 2025 (Source: https://www.ncrb.gov.in/en/cyber-crimes-statesuts). The website has a language option for Hindi and in English. But the default version that appears is in Hindi. Try and change the language and you discover that the English tab isn’t working. Is the NCRB promoting the government agenda of pushing Hindi instead of attending to its core responsibilities?
The situation begins to look alarming when you consider the statements made by the Maharashtra government on the floor of the Assembly.
The chief minister pointed out how Maharashtra had been subject to a spate in cybercrimes (https://indianexpress.com/article/cities/mumbai/financial-frauds-rs-2-lakh-crore-in-mumbai-in-10-years-10102261/). The newspaper said that “In 2024 alone, the Maharashtra National Cyber Crime Reporting portal recorded 58,157 complaints of financial frauds amounting to nearly Rs 1186.46 crore. Among these include 31,583 complaints from Mumbai, 13,971 from Pune and 12,582 from Thane. He said that in 2024 alone, the Maharashtra National Cyber Crime Reporting portal recorded 58,157 complaints of financial frauds amounting to nearly Rs 1186.46 crore.”
Now compare this with the NCRB figure of just 65,893 incidents for 2022. That is an all-India figure. The government of Maharashtra has given the figure for just one state. This leads one to wonder if the NCRB data is reliable. After we get the numbers for 2023 and 2024, we will have a better idea about the NCRB data.
Conclusion
There are times when the government takes decisions that are politically expedient. But the law of unexpected consequences is always at work. That is why a public discussion is desirable before policy decisions get taken. The easy opening of bank accounts may have looked at a good idea. But today, it is possibly the key factor in the huge spike in cybercrime.
———————–
Do view my latest podcast “Asia’s demographics and India’s myopia”. You can view it at https://youtu.be/_9qzFctBV7c
———————–
And do watch our daily “News Behind the News” podcasts, streamed ‘live’ every morning, Monday through Friday, at 8:15 am IST. The latest can be found at https://www.youtube.com/live/zdxlhqFVhKE?si=Fy6wBFEMY5uEdE–
———————–
COMMENTS