• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Brand Quest
• The New Manager
• BL Club
• Smartbuy

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth
• Events 2007

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K.Raghavan

It is the same old story again. As in the case of a few past blasts, such as the series of UP explosions (November 2007) and Ahmedabad (August 2008), terrorists involved in the five explosions of Delhi on September 13 sent e-mails to the media just a few minutes before the bombs took off, warning the authorities of their action. There are, however, several unexplained issues here.

First, it is a matter of speculation why the action was not timed for the seventh anniversary of 9/11, which took place two days earlier. That would have lent more drama to the terrorist action and invited greater international attention. More intriguing is the question why they have got into the practice of using cyberspace to issue a kind of an alert that had become meaningless to those accountable for initiating quick preventive action. Tipping off the authorities just a few minutes in advance when they cannot intelligently react is nothing but crude sadism and an attempt to bring ridicule to law enforcement agencies.

Using an e-mail system to warn of attacks does not demand knowledge of high technology. It does not impress anybody. What should, however, now cause eyebrows to raise amongst us is the terrorist ability and planning that makes detection of the source of their e-mail messages extremely difficult.

Using a cybercafé where hundreds have access is reasonably safe for a terrorist as long as he does not go the same café for a second time. Very significant now is his intrusion into what is the preserve of a legitimate wireless Internet subscriber and hijacking it for sending the warning mail minutes before bombs explode.

While we know that dishonest citizens sometimes use a neighbour’s wireless connection so as to evade paying for a lawful connection, it is a revelation of sorts that terrorists also use such a modus operandus to successfully hide their identity.

While we admire their ingenuity in choosing a technology that hardly provides a clue with regard to the actual intruder, I am happy that investigating agencies have been able to locate the person holding a particular Wi-Fi account that had been violated by the terrorist. The point is even this information does not lead the agencies very far, except that at the time of intrusion, one in the terrorist group was possibly within a short radius from the machine that was used by the lawful account owner. If the latter normally used a laptop which he carried from place to place, and he does not remember where exactly he was at the time his account was broken into, investigators will still find themselves in a blind alley.

The security of Wi-Fi connections had always been suspect. This, however, has not deterred many Internet addicts from using it, because it is so convenient and user-friendly in these days of mad routines and stiff deadlines to keep. This is why all advice of caution while surfing through a wireless connection becomes literally ridiculous.

I find the frenzied debate on the issue, in the context of the finding that such a device is being hijacked at will by the terrorist, rather hilarious. While a terrorist using somebody else’s Wi-Fi connection may be news, we already know that he uses the Internet to communicate with others in the game in a coded manner. The practice of leaving messages in the Drafts folder of an e-mail Inbox shared by a group of terrorists so to avoid interception in transit is well known. We should be more concerned with this rather than the terrorist ability to hijack wireless accounts. This does not, however, dilute the wisdom of sensitive public officials scrupulously keeping off wireless Internet when they are passing on crucial information pertaining to anti-terrorist operations.

Also, home users will do well to change passwords frequently, as well as switch off computers when not in use, to make it more difficult, if not impossible, for an intruder on the prowl.

In my view there are two needs of the hour. Monitoring of e-mail traffic by security agencies needs to be expanded and rendered more focused on the basis of intelligence inputs. This is with a view to intercepting messages that are of value to security apparatuses engaged in counter-terrorism. This, no doubt, raises questions of privacy. With two prominent countries in the West, the US and the UK, arming themselves with the authority to snoop on e-mails for reasons of protecting national security, a nation battered by terrorism such as ours cannot lag behind. Of course, we need to do whatever is possible to oversee such authority so as to reduce chances of an abuse, instead of denying such authority to intelligence outfits totally. I am certain that the Union Home Ministry is working on these lines. I will be surprised if they are not.

The second course of action is to build competence within the police that enables the latter to meaningfully keep track of developments in cyberspace. It is no secret that even the higher echelons of the Indian Police Service have only remote interest in the area, what to speak of their acquiring expertise. Unless these levels become computer-savvy and enthusiastic, they will not train their juniors.

It is important to raise expert groups in the State and Federal police organisations. It is even more necessary to spread computer education among the Constabulary who form the cutting edge. It is they who are the eyes and ears of the government in tracking down cyber offenders. It is my bet that few of them have heard of the IT Act, and even fewer know that intruding into another’s wireless connection is irregular if not totally unlawful.

Incidentally, while we can stretch Section 66 of the IT Act 2000 (which deals with ‘hacking’) to tackle this menace, it is time we made a specific provision in the Act that makes stealing of mail accounts a punishable offence as in many other countries.

This becomes essential in the context of recent happenings in Ahmedabad and Delhi where the miscreants are suspected to have stolen e-mail accounts from Wi-Fi subscribers.

If we have to render the bulk of our police forces more knowledgeable, it is matters like the nuances of the IT Act that should agitate discussions within the Indian Police. Unless this happens we can hardly expect our policemen to intervene intelligently in situations where we find terrorists misusing cyberspace for the diabolical purpose of disrupting national security.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : Security | Internet | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Copyright © 2008, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line