Ten members of a gang that was counterfeiting Aadhaar Cards were been arrested by the police in Uttar Pradesh, reports NDTV. The gang was led by Saurabh Singh from Kanpur. We couldn't find a note on this on the UP Police website or twitter handle. According to a note we've seen (the same as this), albeit unvalidated, the group had used biometric devices to get the fingerprint of authorised operators. They printed this scanned fingerprint on butter paper, and used UV rays on a photo polymer resin - first at 10 degrees temperature, then at 40 degrees - to create an artificial fingerprint similar to the original. They used this log into the Aadhaar website. The note also mentions that although the UIDAI also mandates iris scan for login, the group bypassed iris (retina) based authentication by using a tampered client application. Apparently, they were selling this application to others for Rs 5000. A single login was able to work on multiple machines, and create fake Aadhaar cards. The note also mentions that Registrars, Enrollment Agencies Supervisors, verifiers, and operators haven't implemented new security policies instituted by the UIDAI. A few points to note: 1. Biometrics aren't only held by the CIDR: the UIDAI has been saying that the data base which holds Aadhaar information (CIDR: Central Identities Database Repository) is secure and data hasn't leaked from it. The biometric information is safe, is something that has been specified repeatedly. But the truth is that the biometrics can be leaked from…
