Tuesday, January 13, 2009

WiFi terrorist scare - stalinist state control

Open Wi-Fi Aids Terrorists, Mumbai Cops Say

By Noah Shachtman January 12, 2009

Governmentseewebsite3 Open wi-fi is a terrorist tool and has to be shut down, right this second. That's the conclusion, at least, of the Mumbai police. Starting today, the Times of India reports, "several police teams, armed with laptops and internet-enabled mobile phones, will randomly visit homes to detect unprotected networks."

"If a particular place's wi-fi is not password-protected or secured then the policemen at the spot has the authority to issue notice to the owner of the wi-fi connection directing him to secure the connection," deputy commissioner of police Sanjay Mohite tells The Hindu. Repeat wi-fi offenders may receive "notices under the Criminal Procedure Code," another senior officer warns the Times.

Mohite notes that e-mails taking credit for terror attacks in New Delhi and Ahmedabad were sent through open wireless networks. "Unprotected IP addresses can be misused for cyber crimes,'' he says. Other Indian cities now require cyber cafes to install surveillance cameras, and to collect identification from all customers.

But plugging up all those perceived security sieves in Mumbai is going to take some work. A quick Sheriff's Brigade survey on Sunday showed that 80 percent of wi-fi networks in South Mumbai were left unlocked. And it's not like terrorists are all that 802.11-dependent, of course. An e-mail also took credit for December's massacre in Mumbai. Whether that came from an open wi-fi connection or not is unclear -- the mailer used an anonymizer service, to cover his electronic tracks.


MUMBAI: Alarmed at the misuse of unsecured WiFi networks by terror outfits, the Mumbai police have decided to check for all such unprotected

networks. Come Monday and several police teams, armed with laptops and internet-enabled mobile phones, will randomly visit homes to detect unprotected networks.

Five months ago, members of the Indian Mujahideen had allegedly hacked into US national and Sanpada-resident Kenneth Haywood's computer to sent terror mail prior to the 2008 Ahmedabad serial blasts. Terrorists used the unsecured WiFi network of Chembur-based Kamran Powers Control Pvt Ltd to send emails after the September 13 blasts in New Delhi last year. An email sent to a media house by people claiming to be members of the Indian Mujahideen was traced to the WiFi network of Matunga's Khalsa College of Arts, Science and Commerce. The email threatened to eliminate police officers probing blast cases across the country.

"It's an awareness campaign. In the first phase, we will educate users about securing their WifI networks," said Sanjay Mohite, deputy commissioner of police. "Our officers will visit homes, schools, colleges as well as corporate houses,'' he said.

The police will start their drive at Bandra-Kurla Complex which houses many corporate offices. Simultaneously, they will begin their drive for residential areas at Malabar Hill. "Unprotected IP addresses can be misused for cyber crimes,'' Mohite, who has been in-charge of the Cyber Crime Investigation Cell for two years, said.

On Friday, additional commissioner of police, K Venkatesham, organised a seminar on WiFi. Cyber expert Vijay Mukhi briefed 80 police personnel on securing an unprotected network. "We may issue notices under the Criminal Procedure Code to those who do not secure their WiFi network in the future," said a senior officer.

Mumbai (PTI): City policemen will be soon seen roaming in the streets with laptops in their hands in search of unsecured Wi-Fi connections.

In an initiative taken by the Mumbai police, in the backdrop of terror mails sent before blasts and terror attacks, policemen will be sent to various locations in the city in search of unsecured Wi-Fi connections.

"If a particular place's Wi-Fi is not password protected or secured then the policemen at the spot has the authority to issue notice to the owner of the Wi-Fi connection directing him to secure the connection," DCP Sanjay Mohite told PTI.

The notice will be issued by the police under section 149 of the Criminal Procedure Code which is to prevent the commission of a cognizable offence.

The step was taken at a conference on Friday where around 80 police personnel were present to learn about Wi-Fi connections and cyber crime.

Terror mails were sent through unsecured Wi-Fi connections prior to the Delhi and Ahmedabad blasts. While the mail sent before the Ahmedabad blasts was traced to the residence of US national Kenneth Heywood in Navi Mumbai, the mail sent prior to the Delhi blast was traced to a residence in suburban Chembur.

The Wi-Fi connections in both the cases were unsecured, which was used to send the terror mails.


NEW DELHI: Investigations into the source of the email purportedly sent by an outfit called Deccan Mujahideen to a TV channel claiming responsibility for the Mumbai attack have hit a dead end due to the jihadis' technical expertise and their knowledge of sophisticated software.
It was found that the jihadis had used the anonymous "remailer" service - which is the most secure and least traceable way to send an email - instead of the normal Internet service availed on earlier occasions.
Contrary to the normal Internet service which can easily trace the origin of an email through IP address of a particular computer, the remailer service not only deletes the IP address but also all details including the sources from where someone might have requested the secret service.
An official said, "There are several software available for the remailer service that lets one send anonymous email through a web interface. Some other software allow send email messages that can only be viewed for a certain time and one can remain anonymous to boot."
Though investigators found that the main server of Deccan Mujahideen's email was located in Russia, they have not been able to locate the place from where the email was sent. Use of the anonymous "remailer" service is a pointer to the meticulous planning of the terrorists and their technical expertise.
Sources in the home ministry said that though cyber experts were still trying to trace the origin of the email using different software and they could even find it, India could contact Russia for help if it failed to trace it as the "remailer" service provider was traced to that country.
The jihadis' move also shows the progress made by them in pursuing their designs as they first used cyber cafes, then moved to Wi-Fi system and now to "remailer" service to send emails.
Following earlier terror attacks, Indian Mujahideen, a splinter group of the banned SIMI, had sent five emails. While the first two - after serial blasts in UP courts and Jaipur - were sent from cyber cafes in Delhi and Sahibabad respectively, the others were sent using Wi-Fi system from Mumbai after serial blasts in Ahmedabad and Delhi.
"Origin of all these emails were traced within hours through the IP addresses. But this time, the terrorists made the task tough due to use of remailer service," said an official.
Investigators believe the terror masterminds might have done this knowing the fate of earlier emails - yet another pointer of their complicity even though the earlier strikes were carried out by locals in the name of IM.


[Image]The Indian news vine seems to be full with the Indian government’s decision to keep a closer eye on the cyber cafes, thanks to recent terror attacks in the country. Already, a lot of cyber cafes have been asking for photo-id cards before you can go in & surf. Now come a few more regulations. First, Mumbai cafes have been asked to install CCTVs (closed circuit television) in addition to the already introduced system of logging identity cards. (Just pray that your wife won’t have the right to ask for footages to check on that ‘Candy Foxx’ you chat with, after office hours.) The cyber cafes have also been mandated to get registered on a Rs 100 stamp paper and shall also have to pay a renewal fee of Rs 250 every two years, alongwith Rs 500 per annum as registration fee. If you think that’s enough, here’s the rocker of all. The cyber cafe owners have been asked to store information regarding internet browser, website history, internet cookies, downloads and proxy logs, for the next 6 months!

[Image]Yes, we still think we are living in a democratic country. What I am surprised at is the lack of furore among the blogging community. First, I fail to understand how the Government is being allowed this serious an impeachment of privacy. Secondly, it also beats my intelligence on why the officials would get into so much of a hassle in their quest to track every single keystroke of the Indians.

Let us, first, try to find a more approachable solution to problem that the authorities face -

How to log every single key being pressed in India?

[Image]This is where I can see branded cyber cafes making big bucks! Establishments like Reliance Web Worlds, Zapak & Sify already have the required infrastructure in place. Users do need to get themselves registered before they can surf on the web. What I suggest is to include government issued identity numbers (like PAN Number, Driving License Number, Passport ID etc) as a part of the registration process. Since, surfers need to log in to be able to surf, all their online activities already get logged and tagged on their heads. Moreover, normally, the machines used in aforementioned establishments have been programmed to delete all private data after you log off. Since the authorities, anyway, plan to log every private detail, these softwares could be modded to first upload the data onto a central government server and then delete them off, thus relieving the cyber cafe managers off the load and responsibility of collating the data and storing them for 6 months. (Just a idea here - do you think Google Profile shall be interested to make a deal with the ruling party to share this huge data? In that case, how much would the data sharing process be charged for?)

Now coming to private entities - since such a registration system is absent in most of the privately owned cyber cafes, rather than trying to enforce logging of data, installation of cameras and taking surprise visits, Indian government could program such a software that would be capable to do all that I have suggested above and ship them to every cyber cafe owner, during their registration process. This software could also include applications that could automatically log how long a user had been online and after logoff, informs the owner how much to be charged for the time.

How to unify the complete system, so that cyber cafe users find peace of mind (ironic, eh?)

[Image]Since I have already mentioned the idea of a central government controlled database, it can also come up with the same login software for every single computer on the public domain, branded or non-branded, that can be made compulsory to be used. Next step would be to get the netizens registered into that database, with required documents, the way we do for gas connection, passport and the likes. Now, there remains no issue of carrying documents with you, 24×7, just because you suddenly might feel the need to go surfing. All you need to do is visit a cyber, log in to the central database and get going. This also saves the cyber cafe owners off all the hassles concerning high costs of installation and the hassles of maintaining records!

Finally, how can we prevent the breach of privacy?

Privacy? What’s that? Didn’t you know that India has decided to follow China’s footsteps?

[Image]Seriously, if you are reading this online (I specifically mention online ‘coz I have high hopes this article might get noticed and printed on some distinguished publication, one day :-P) there is a 99.999% chance that you access and use emails to communicate to your friends and acquaintances. Now, technically, it is very much possible for someone working with your email service provider to read through your emails. (I am considering emails here because that is what we consider to be our most private online property) Yet, how many times have you ever stopped sending a personal email worrying that someone somewhere might be stalking you? The factor here, is faith! You trust your email service provider that it won’t share your data with others.

You’ve got no choice but to show the same faith in our government too. We shall have to believe and trust that our data will be safe and secure with them. Truthfully, with the amount of data they already have, about us, any man can be scooped up and made never to exist, in the first place? You do not believe me? Suppose you had applied for the visa and suddenly realized that no data exists in the official servers, on you. You try ordering a gas cylinder and they tell you there is no registered account on your name. All of a sudden, you’ll realize there’s nothing in this world that can prove that you even exist, let alone having a private life!


Yes, there is a way to overcome all the dilemma (and I’m sure it won’t stay like that for long). All you need to do, if you do surf the internet, is buy a computer for yourself and start hunting for a free and unsecured wireless connection in your neighborhood. It has become quite a commonplace these days, anyway!

Bookmark and Share
posted by u2r2h at Tuesday, January 13, 2009


Post a Comment

<< Home