In a significant breakthrough exposing vulnerabilities in one of India’s most sensitive digital identity systems, Balaghat Police have arrested a software engineer allegedly involved in large-scale Aadhaar updation fraud. The accused, identified as 39-year-old Mohsin Khan, was reportedly running an illegal biometric manipulation setup for more than a decade, using cloned fingerprints, iris data and unauthorized software tools to carry out Aadhaar-related modifications.
According to officials, Khan, a resident of Bharveli, allegedly exploited loopholes in authentication procedures by masking his operating location with Virtual Private Network (VPN) software, tricking the system into identifying his operations as those of an authorized Aadhaar centre.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Complaint Triggered Raid; Digital Devices and Fake Biometrics Seized
The scam came to light after a formal complaint was lodged at Bharveli Police Station. Acting on the complaint, a team conducted a raid and took Khan into custody.
During the operation, police seized a range of suspicious devices, including:
- Laptops equipped with biometric manipulation programs
- Fake silicone fingerprints
- Digital iris scanning replicas
- High-resolution fingerprint recording tools
- Aadhaar updation equipment not linked to any official authorization
Investigators noted that many of the seized tools are not commercially available, suggesting that the accused either imported or custom-developed them to bypass the UIDAI authentication system.
Cloned Operator Credentials Used to Access System
Additional Superintendent of Police (ASP) Nihit Upadhyay confirmed that Khan created biometric clones of officially authorized Aadhaar operators. Using these, he managed to log into the Aadhaar portal under stolen credentials and process updation requests.
“Preliminary investigation indicates that the accused replicated fingerprints and iris data of multiple authorized operators. He then used these biometric credentials to run Aadhaar updation activities without physical presence or departmental approval,” the ASP stated.
Police further revealed that Khan used artificial digital iris models capable of mimicking human eye patterns, allowing him to bypass the highly secure iris-based authentication system UIDAI employs.
Operating Since 2011; Thousands of Aadhaar Records Under Scrutiny
Investigations have revealed that the illegal operation may have been active since 2011, making it one of the longest-running Aadhaar-related cybercrimes uncovered in the region. Khan reportedly submitted tenders using the names of family members and acquaintances, gaining access to Aadhaar updation kits and credentials while storing all equipment with himself.
Authorities fear that thousands of Aadhaar records may have been tampered with, raising concerns about possible identity misuse, financial fraud and unauthorized access to government subsidy and banking systems.
Possible Network Links and Administrative Nexus Under Investigation
Sources suggest that the accused may have had access to bureaucratic support or strong administrative connections, which may have contributed to his evading detection for years. Police are now examining whether this was part of a larger data-fraud syndicate.
Investigators have begun analyzing:
- Digital transaction history
- Device forensic data
- Aadhaar update logs
- Client network activity
Khan is expected to be taken on police remand for further questioning.
Identity Security Concerns Resurface
The case has rekindled debate over the security of biometric-based identity systems in India. Cyber experts warn that biometric cloning technologies, if misused, pose a major threat to national digital infrastructure, banking systems and citizen privacy.
For now, police have intensified investigation, and more arrests or linked disclosures are expected in the coming days.
