the story So Far:
TeaWith opposition leader Rahul Gandhi alleging large-scale “vote theft” (vote fraud) in Karnataka, Maharashtra and Haryana, the case of voter fraud in Aland Assembly constituency in Kalaburagi district of North Karnataka has emerged as one of the most well-documented voter fraud cases.
Why is this case different?
First, it was the Returning Officer (RO) of Aland constituency who lodged a complaint with the police alleging voter fraud in February 2023, based on which an FIR was registered. The Election Commission (EC) itself has alleged a malicious attempt to remove the names of 5,994 genuine voters from the voter list by providing false information.
Secondly, following the investigation of the FIR by a Special Investigation Team (SIT) constituted by the Karnataka government, a chargesheet has been filed against former Bharatiya Janata Party (BJP) MLA from Aland, Subhash Guttedar and his son Harshanand Guttedar for allegedly hiring a private firm to target voters they suspected would vote for their rival and deleting their names through forged Form 7s.
This is the first case where a clear link has emerged to the allegations of “vote theft” made by the BJP and the Congress.
How was the fraud exposed?
In 2018, veteran socialist and now Congress MLA from Aland, BR Patil, lost the seat to BJP’s Subhash Guttedar by a slim margin of 697 votes. Mr Patil was again a candidate for the seat from Congress in the 2023 assembly elections, which he ultimately won by 10,348 votes.
In February 2023, to his surprise, a Booth Level Officer (BLO) received a Form 7 application, seeking to remove his brother’s name from the voter list saying that he had been “transferred”. The application was made in the name of a woman from the same village. When they investigated, the woman refused to make any application. Subsequently, a review of Form 7 of that village found that 40 such forms were forged.
Any voter of a particular assembly constituency can fill Form 7 seeking deletion of the names of other voters of the same constituency, after their death or if they have moved out. These applications are sent to the BLO for ground verification, after which they are processed. However, in most of the cases, BLOs accept these applications blindly without verification. In this case, the brother of the BLO, whose name was sought to be deleted, told Mr. Patil about the forged Form 7 in his village and said that the people whose names were sought to be deleted were all Congress voters. This set off alarm bells, leading to Mr Patil complaining to the Election Commission and demanding thorough verification of all Form 7s.
How did the investigation proceed?
Mamta Kumari, assistant commissioner and then RO of Aland assembly constituency, who was entrusted with the task of audit of Form 7, said in her last complaint to Aland police that there were 6,018 Form 7s in Aland assembly constituency between December 2022 and February 2023, of which only 24 were genuine while 5,994 forms were fake. He said there was a conspiracy to disenfranchise genuine voters and demanded an investigation; An FIR was registered against unknown persons. The investigation into the FIR was eventually transferred to the Criminal Investigation Department (CID) of Karnataka.
The Election Commission shared data of over 5,700 fake Form 7s with the police, including mobile numbers used to create login IDs and passwords on EC portals like the National Voters’ Service Portal (NVSP), through which all the fake Form 7s were submitted. It also provided IP logs. The CID received public Internet Protocol Detail Records (IPDRs) from telecom service providers (TSPs), which were in IPv4 format and each IP address had more than 200 users associated with it as dynamic IP addresses. This meant examining more than 8 lakh devices. To narrow the search, CID sought the destination IPs and ports of the sessions through which these forged Form 7s were created. Despite at least 12 letters written by the CID to the Election Commission demanding this data, the Commission did not respond, as reported The Hindu On 7th September.
Then, on September 18, 2025, Mr Gandhi held a press conference in Delhi and questioned the Election Commission on alleged vote fraud. Even though the Commission had initially claimed that no false names of voters were removed in Aland, a day later, the Chief Electoral Officer of Karnataka admitted that there had been “unsuccessful attempts” to remove voters and the Election Commission itself had filed a complaint.
Subsequently, the Karnataka government constituted a SIT under the leadership of Karnataka Additional Director General of Police (ADGP) BK Singh.
How was the matter resolved?
Since the EC did not share the destination ports and IPs, the SIT found another way. Sources said the SIT examined some of the 24 genuine Form 7s made in Aland, identified their IP addresses and reverse engineered them to narrow down the detection of equipment used to make fake Form 7s.
The SIT found that many of the 5,994 forged Form 7s could be traced to the mobile internet connection of Mohammad Ashfaq, a resident of Kalaburagi. Ashfaq allegedly confessed to submitting the forged Form 7, but said he was only working for his relatives, Akram Pasha and Aslam Pasha, who ran a “call-centre like” firm in Kalaburagi, which had the contract to produce the Form 7. He was reportedly paid ₹80 for each forged Form 7. Subsequently the Pasha brothers were detained, interrogated and their premises raided. The SIT claimed that they have recovered several digital devices through which the forged Form 7s were created, which are now crucial evidence in the charge sheet filed recently by the SIT.
The trio reportedly said they got the contract to do so from then BJP MLA Subhash Guttedar, who was a four-time MLA from Aland, and his son Harshanand Guttedar, who was a three-time Kalaburagi district panchayat member. The SIT raided the residences of him and his chartered accountant in Kalaburagi, and recovered digital devices and evidence of money transactions between the Guttedars and Akram Pasha. It is alleged that the factionalists marked voters whom they thought would vote for their opponent and handed it over to Akram Pasha.
Additionally, the gang members were caught destroying evidence, including several bundles of voter lists stored at his Åland residence. He has also been accused of destroying evidence.
What was revealed during the investigation?
In 2023, the EC had shared with investigators 64 mobile numbers using which accounts were created on NVSP. 5,994 fake forms were submitted through these accounts. When a person creates an account on NVSP, he or she needs to enter their mobile number, which will be the login ID, and receive an OTP. This will prompt the portal to verify the user, after which a password must be set.
The investigation started from these phone numbers. Investigators found that the owners of these mobile numbers were from more than 15 states in the country. None of them had created these accounts nor given the OTP received on their phones.
The mystery was solved when the Pasha brothers pointed the investigators to a website called ‘otpbazaar.online’, which sold credentials for online transactions in exchange for a price that could not be traced. Once one registers on the website by paying a fee, it will give you a random mobile number, which can be used for any online transaction. Sources said that within a few minutes the website will give you an OTP sent to the mobile number using which the brothers allegedly opened the accounts at NVSP.
Through the money transactions between the Pasha brothers and the website, the SIT also traced and arrested Bapi Aadya, the person running the website from Nadia district of West Bengal. However, how he was able to deliver OTPs to random mobile numbers on the selected website still remains a mystery. Their website is an Indian franchise of a US-based website called ‘sms-activate.io’. SIT has not been able to access the server of this website. However, considering its huge consequences in promoting cyber crime, they are taking steps to remove ‘otpbazaar.online’.
Has the voter portal been compromised?
The charge sheet in the case lists six loopholes in the NVSP which were misused by the accused to generate fake Form 7, some of which have now been rectified.
Any mobile number and the OTP sent on it can be used to create an account and set a password.
Subsequent logins require only the password and not any OTP. Any number of applications can be made from these accounts. No alert was sent to the person in whose name the application was being made or whose name was sought to be removed or added to the list. Moreover, there was no fixed session time on the portal.
A few days after Mr Gandhi’s press conference in September, 2025, the Election Commission introduced a new e-sign facility, which mandates that people who make any online application for addition, deletion or correction verify their identity through the mobile number linked to their Aadhaar.
Although this will increase security, it is not clear whether all the six vulnerabilities identified by the SIT have been plugged.
