If you have a reservation in a long-distance train, there are chances you may find a contender for the berth on the day of boarding. Recently, ten passengers found themselves fighting over five berths in a train. All had valid tickets. An investigation by the comptroller and auditor general (CAG) showed that a temporary employee had issued the duplicate tickets by misusing the passenger reservation system (PRS).

The CAG report reveals that the information technology (IT) network installed by the railways for its busy western sector — which covers Maharashtra — is “exposed to external and internal threats”. The report says there is no mechanism to guard against mischief by an employee with valid access to information.

“[The] ease of obtaining and using hacking tools, steady advance in sophistication and effectiveness of attack technology and the dire warnings of new and more destructive cyber attacks could affect the railway’s computer system,” the report says. “The IT security of computerised applications in Western Railway is grossly inadequate.”

The CAG found that IP addresses were being misused by staff to access the Internet and that five of 12 PCs connected to railnet.gov.in at a facility could be operated with the administrator’s account without a password. “Network security and traffic is not being effectively monitored; information security and access controls are inadequate to protect the confidentiality, integrity and availability of data, thereby exposing the IT systems to both external and internal threats,” the report says.