In a major breakthrough against cyber-enabled financial crime, the Cyber Crime unit in Ahmedabad has busted a sophisticated fraud racket that allegedly used deepfake technology to manipulate Aadhaar-linked data and carry out identity theft. Four accused have been arrested for their role in the operation, which involved unauthorised access to sensitive personal data, fraudulent mobile number updates, and misuse of digital financial platforms.
The case came to light following a complaint by a city-based businessman, who discovered that the mobile number linked to his Aadhaar had been changed without his knowledge. When he attempted to access Aadhaar-based services for business documentation, he found discrepancies in his profile, including unauthorised changes to his registered mobile number and email ID. Further checks revealed that his identity credentials had been used to access DigiLocker, complete e-KYC processes, open bank accounts, and even apply for personal loans through digital lending platforms.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Deepfake videos used to bypass Aadhaar biometrics
Investigators revealed that the accused employed advanced techniques to bypass Aadhaar’s facial authentication system. Using a photograph of the victim, they allegedly created AI-generated deepfake videos that simulated facial movements such as blinking and expressions. These manipulated visuals were then used to deceive biometric verification systems during Aadhaar update procedures, allowing them to alter critical account details.
The fraudulent updates were reportedly carried out using Aadhaar update kits, which are typically operated through authorised Common Service Centre (CSC) operators. According to the investigation, these kits were misused to execute unauthorised changes in Aadhaar-linked mobile numbers, enabling the accused to gain control over the victim’s digital identity.
Accused, roles, and organised network
The four accused arrested in the case have been identified as Kanubhai Bahadursinh Parmar (32), a CSC operator from Anand district; Ashish Rajendrabhai Waland (27), a CSC operator based in Vadodara; Mohammad Kaif Iqbalbhai Patel (26), associated with a CSC centre in Bharuch district; and Deep Maheshbhai Gupta (29), a machine operator from Ahmedabad originally from Uttar Pradesh. All four are currently in judicial custody.
According to investigators, Parmar allegedly supplied Aadhaar update kits to co-accused in exchange for commission, while Waland is suspected to have facilitated the use of these kits for fraudulent mobile number updates. Kaif Patel allegedly coordinated the collection of Aadhaar details, photographs, and target mobile numbers, and played a key role in generating the deepfake videos used for authentication bypass. Gupta is believed to have assisted in arranging and transmitting the victim’s personal data required for the operation.
The probe also revealed that once access to Aadhaar-linked systems was established, the accused exploited DigiLocker and other e-KYC platforms to open bank accounts and apply for digital loans in the victim’s name. These activities highlight how identity theft is increasingly being combined with emerging technologies to execute complex financial frauds.
Recovery, wider probe, and expert warning
Authorities have recovered the Aadhaar update kit used in the operation, and further investigation is underway to identify additional accused and determine whether more individuals were targeted using similar methods. One of the accused was also found to have been previously involved in a separate case related to fake Aadhaar card preparation, indicating a pattern of organised activity.
Cyber experts warn that such cases demonstrate the growing threat of deepfake technology in financial fraud. A researcher at Algoritha Security noted that criminals are now leveraging artificial intelligence tools to bypass traditional verification systems, making identity-based fraud more sophisticated and harder to detect.
The accused have been booked under relevant provisions of the Bharatiya Nyaya Sanhita, 2023, and the Information Technology Act, including charges of criminal conspiracy, forgery, identity theft, cheating, and unauthorised access to computer resources. Investigators are continuing their efforts to map the full extent of the network and prevent further misuse of digital identity systems.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
