[ad]
It seems India are getting serious about terrorist activities being co-ordinated via the Internet, they are starting to run extremely deep surveillance on many cyber-cafes in Mumbai.
The solution appears to be some kind of ‘legal’ trojan system that will collect logs and send them to the police
The Mumbai police will soon have khabris deployed (not physically) at over 500 cyber cafes in the city. A new software will allows cops to swoop down on terrorists the moment a keystroke is pressed at any cyber café across the city.
Investigations into the recent Hyderabad and Mumbai blasts have revealed that the planning was done using the Internet especially, chat rooms.
In fact, it is a well-known fact that terrorists all over the world do not use paper and pen or the phone to communicate. Everywhere, all over the world, it’s the net.
It seems to be fairly basic, key stroke logging and time lapsed screenshots fed back to a main server. There doesn’t seem to be any clever analysis going on, perhaps a few thousand Indian programmers will be sifting through the screenshots to identify anything dodgy amongst all the Telegu Karaoke videos and Punjabi Porn.
Vijay Mukhi, President of the Foundation for Information Security and Technology says, “The terrorists know that if they use machines at home, they can be caught. Cybercafes therefore give them anonymity.”
“The police needs to install programs that will capture every key stroke at regular interval screen shots, which will be sent back to a server that will log all the data.
The police can then keep track of all communication between terrorists no matter, which part of the world they operate from.This is the only way to patrol the net and this is how the police informer is going to look in the e-age,” added Mukhi.
Is it a privacy concern? Well yeah I guess it is, but then who conducts anything important from a cyber-cafe anyway?
All you need to do is find an un-encrypted wifi point…
Source: Mid-day
Yash says
I recently wrote a blog post about the same and its various security implementations. Here is a link if you are interested:
http://www.securitybrigade.com/index.php/blog/blog_view/15
Sandeep Nain says
So a number of serial blasts have made indian government to think about catching the terrorists if they use internet:
Its good that Indian Government has started thinking on these materials.. this whole idea has many flaws e.g.
1. india has cyber cafes in every corner of every street… so it will be almost impossible to implement this idea and monitor every activity from all the computers
2. Use of proxies or tor can hide the location of the attackers.
3. reading an email and sending an email will take atmost 5 minutes.. it will not be easy for a police to identify the location, alarm the police petrol vans and send a unit to the location in such a short span..
Despite of all this, its good to know that indian govt is taking this issue seriously.. and things may improve over time.
srinivas says
It is known to everyone that terrorists are using internet for their activities. Especially in countries like India, the government has to spy internet users as it has to protect the citizens from the terrorist attacks.
In order to spy internet users the government of India or the police need not go every cybercafe located in the country to install spying software to monitor internet usage. They can do so even without installing any spying software. Many of you won
Sandeep Nain says
@Srinivas
Hi srinivas, I’m actually aware of the news you are talking about. The software is not developed as yet but being developed by CDAC. It was told that there will be 2 centres in india (mumbai and delhi) where this monitoring will take place.
and definitely it will help in in reducing the number of terrorist messages being transferred through internet. but it won’t be that simple to differentiate between the normal messages and terrorist messages as terrorists tend to encode them to simple language.
dre says
do you guys have GSM modems (e.g. GPRS, EDGE, HSDPA) in India?
in the US, I often use a tethered phone and use the Verizon or Sprint EVDO service… EVDO is AES encrypted and difficult to monitor in comparison to WiFi
Sandeep Nain says
Yes dre, we do have EDGE and GPRS and HSDPA in india and is being used widely.
Well yes you are rigt EVDO will b hard to monitor and there are several other ways too to hide the real identity of the internet users.
which will make indian govt’s task really tough.
It seems like now terrorists will need to get university degrees in internet communication if they want to continue using internet ;)
srinivas says
hi Dre and Sandeep Nain,
The task will not be that easy for the government and law enforcement agencies to monitor internet given the various methods available to connect to internet and hide oneself using different techniques. And moreover the government of India never released an official statement that it wants to monitor internet users (correct me if I am wrong). Only the regional law enforcement agencies speak about this whenever some incident happens. What I feel is the government tacitly supports the idea of monitoring internet.
As long as there are higly skilled technical people who can do anything for money work for these organizations what is the need for the terrorists to join some university and acquire a degree in computing and security. They just throw some money to get their work done.
It would be foolish to think that terrorists communicate through internet only they have other means too. Since the terrorists and their organizations are spread through out the world they are most likely using internet to communicate.
India has many security gurus but many of them always keep a low profile owing to different reasons. The government and law enforcement agencies have to take the support of these security gurus (Network managers, Crypto breakers etc.,) ISP’s. All these people have to work with coordination in order to contain the threat from terrorists.
Sandeep Nain says
@srinivas
There are 2 news floating around regarding india’s counter terrorism measures.
1. monitoring the cybercafes for tracking the suspecious internet users.
2. monitoring the entire internet telecommunications including SMS and telephone conversations.
The first type of monitoring is more of a state govt operation and more of a talk rather than implementation.
where as second type of monitoring is an operation started and controlled by centre govt and is a very large scale project.
Now, it will be very difficult task. Not because India don’t have enough resources or security gurus but because the number of internet users and traffic is way toooo large…
and the last thing… university degree for terrorists: I was just adding some humour to my post ;)
fazed says
if the loging is hardware based
you could just bring your own keyboard
or use an on-screen one,
if it is software based then you
could create an application which
fools it and if it is network based then
use https which stops this type of
MITM loggin.
seriously this wont stop them they will
always find anouther way around it.
infact the best way to log what is going
on is the TFT/flatpanel version of van Eck phreaking
grav says
This is mostly impossible to monitor
it is easy to hide stuff in various file formats
a terrorist could type stuff into a txt document
and then just merge it with an image file
that way, only the sending and receiving parties would know the difference between that image and the hundreds of other images floating around
the cafe just has to be used to send the email so that the ip would be shared by a bunch of ppl
all the other stuff could be done at home on any computer
Navin says
frankly grav you don’t even have encrypt it…In India, the idea of “BIG BROTHER WATCHING” itself is in its stages of infancy……on one hand the government speaks of putting the power of the internet into every lay-man’s hands ( and I must add there’s still a long way to go until this happens) and on the other hand they come up with such ideas tht more or less scare people from using cyber-cafe’s which are thronged by first time netizens.
The police even planned to launch a nation-wide id campaign i.e if U wanted to use a cybercafe, U’d have to come in a day early, get a snap of yourself taken ( by the owner/worker of the cafe only as per guidelines), collect the id a day later (it goes thru a background check as well at a local police station and is stamped by the head of the police station!!) and then the next day you can use the net ( that is if the net is working, which quite a few cyber-cafe’s can’t promise!!) This may be funny but it was a proposal from the Indian police as part of their anti-terrorism schemes.
Now you tell me, would such schemes help to give people access to the net or just scare them….. esp. considering that so many Indians live in rural areas where the basic necessity of food and water are not assured?? Would you, oh great citizens who’re willing to pay abnormally high prices for a cup of coffee at starbucks be willing to go through this stuff?? The answer is simple — NO!!
All in all, it is inspiring to see that the Indian police is atleast thinking of the new-age methods used by terrorists (Instant Messaging and Cellphones are BTW is gaining popularity among these miscreants according to the police), but the methods tht they plan to implement, atleast as of now are of minor significance.
HOW MIND-NUMBINGLY DUMB CAN DEY BE?? It nearly makes Dubya look smart!!
zupakomputer says
Militias of any type are based around the kind of programming that pre-exists electronics all in. Hence why most of all this stuff about terrorists using the internet for co-ordinations, is bs, because really it’s all going on where the likes of remote viewing and psychic stuff happens; hence the Holy part of any of the actual point of what any fights are about: age old heaven and hell.
The technology side of it: all smoke and mirrors.
A successful guerilla is co-ordinated the same way birds in a flock all know what one another are doing and are going to do next.
The core knowledge behind what drives all of any struggles here for freedom, exists far beyond your incarnate name and address of your physical body. Thus the networks themselves anyway, are merely a mirror of an already corrupted physical reality that the soul in born into. You might know everything about someone’s life from birth here – but what do you know about who they really are, in the real world of the soul.
But yes – it does help to stay off the census.
That – is what the whole good vs evil, Holy War everything is actually about. Otherwise it wouldn’t refer to religions and spiritual anything, it’d just be political and only about the finite world of the body.
Understand that, and suicide bombing becomes understandable; what really dies?