Our intelligence agencies were not able to identify the owner of @shamiwitness Twitter handle because of a spoofed IP address. Laughable, only if it were not a matter of national security
The Mehdi Masroor Biswas case has quite unwittingly unearthed the mother of all ironies. A distance of less than 10 kilometres separates the Bengaluru police headquarters and the Indian Space Research Organisation (ISRO) brain centre. Yet they are literally worlds apart. While one cracked the digital and technology code comprehensively, a world first, to pilot an unmanned craft millions of miles away to the red planet on the first go, the other has been stumped by the masking of a static internet protocol (IP) address, something technologically savvy school kids are able to do with some ease these days. By all accounts, Biswas had been operating his Twitter account in support of the brutal ISIS, or IS, for close to two years. Again, by all accounts, he was doing so without ever coming onto the radar of the intelligence agencies, including the ones specifically created and tasked as part of the National Cyber Security Policy of 2013 to keep tabs on all kinds of digital footprints.
According to sources in the know, here’s what transpired. It makes for an absolute comic caper of a story, if it weren’t a question of national security. Intelligence agencies had no clue that @shamiwitness was operated by an Indian, much less a software engineer working in a major multinational company and living just about 15 km away, in Jalahalli, from the cyber cell of the Bengaluru police. In fact, several sources said that many higher-ups in premier intelligence agencies were not even aware of the existence of the Twitter handle. All hell broke loose when the British broadcaster Channel 4 telecast an interview with Biswas in which he admitted that he was the brain behind what was widely considered to be the ‘official ideological mouthpiece’ of the IS. One top intelligence official’s initial reaction, according to a highly placed source, was: “How can Biswas be the surname of a Mehdi? Is he a Muslim or a Hindu? All these media guys are just making up things.”
It was a classic lost-in-translation laughathon, with each agency, and super agency, speaking a different tongue and pointing fingers everywhere. National security adviser (NSA) Ajit Doval, an astute and feared intelligence officer, did not see any humour in it and read the riot act to the agencies.
Scrambling for cover, the intelligence bosses pushed the Bengaluru police and asked commissioner MN Reddi to directly supervise the case. The top cop was quite confident that his cyber cell would be able to track Biswas. That’s when it all unravelled. After a few days, Reddi found to his absolute horror that his so-called crack team was not even able to penetrate the basic IP spoofing techniques used by amateur hackers to cover their tracks. Biswas had masked his static IP address, a sort of unique identification and location beeper assigned to anyone who logs into the internet. Suitably chastened, he went to the intelligence agencies in Delhi expecting them to help him solve this part of the investigation. After dilly-dallying for a few days, the intelligence agencies told Reddi that they also did not have the ‘suitable capacity’ to help. A highly placed source said that when Doval learned of it, he was horrified. He then decided to personally intervene and retrieve the situation, and called up some of his intelligence contacts in the British establishment, who then prevailed upon Channel 4 to call up Biswas again. This time, the Bengaluru police triangulated Biswas’s location through his cell transmissions and landed up at his house.
On paper at least, India by now is supposed to have a National Cyber Coordination Centre and a National Critical Information Infrastructure Protection Centre. At least that’s what the National Cyber Security Policy of 2013 recommends. Yes, the policy also promises “to create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions... and create a workforce of 5,00,000 professionals skilled in next five years through capacity building skill development and training”. All of this sounds vague and very, very fluffy, precisely what Doval discovered to his shock. So why are our intelligence agencies, for lack of a more evocative phrase, such headless chickens when it comes to digital technology? Surely it just cannot be the lack of expertise and capacity, and neither can it be the oft-repeated excuse about “not being able to keep pace” with developments in the digital technology field.
Take technology, for instance, which is always painted as a scary bugbear by the intelligence establishment, and see whether it really is such a monster. Let’s try and understand how you are tracked today by private corporations and technology and services companies. Say you are using a search engine like Google. There are two use cases. The first is that you go into Google without logging in and search for a specific keyword or keywords. The second use case, which is more likely these days, is that you use the search engine after logging in with specific credentials (username, password, mobile phone authentication, security question) and type in your keywords. In either case, the search engine notes down your IP address and physical/geographical location, drops a cookie into your browser and algorithmically monitors every single keystroke of yours.
Using the information so gathered, it synchronises its other services, for example, email services, maps or location-based apps, to cater to your specific needs and requirements, which it has already gathered through an analysis of the data (IP address, search terms, browser used, geographic location, ISP, viewing habits) generated by your browsing. All this data is stored in huge server farms, layered by algorithms and specific security protocols and software. All contemporary internet-based services, including Facebook and Twitter, follow a similar digital architecture, and the best part is that some of the most complicated business intelligence algorithms and software are developed in India centres of
From the point of view of national security imperatives there are two working models. The first is to ensure that all internet-based services and application companies locate their servers, systems and algorithms within India. The US is the master of that model, and India has had limited success in getting international companies to locate their servers within the country: the BlackBerry controversy is a case in point. The second model depends on ensuring that every single piece of data, every bit and byte, passing through Indian internet and telecommunication pipes is intercepted, stored and analysed, and workable intelligence generated out of it. It turns out that Germany and France are quite good at it. India has similar ambitions, and a case in point is the central monitoring system (CMS) currently in operation.
Despite limitations, like the lack of a search system, the CMS is a step in the right direction. Several private companies are already using a variation of the second model for legitimate Internet business practices. If you have ever wondered how you got an electronic newsletter advertising the latest airfares minutes after searching for a bargain ticket on the internet, it’s the interception mechanism at work.
In such a scenario it’s laughable to hear the sleuths say that they were stumped by a spoofed IP address. It’s also amusing to note that the Bengaluru police have outsourced the task of data analysis of Biswas’s Twitter account to a private company because they “don’t have the capacity”. Quite obviously, then, technology is not really the challenge. The real mountain to climb is the way the intelligence agencies are structured and the complete lack of coordination mechanisms between them. Currently, each agency with a full or partial forensic or intelligence function, whether it’s the NIA, CERT-In or NTRO, operates in a completely opaque manner. As a result of this opacity, and the consequent gated nature of each network, the CMS, which is supposed to be used as an inter- and intra-agency tool, has either been under-utilised or, worse, in several cases has not been used at all.
The foundational requirement for an active and robust CMS is a transparent sharing of resources, including information, technology, digital and human intelligence assets. By default, it requires the turfs and boundaries that have been historically created by intelligence czars to be broken down completely. It’s this mountain of a challenge that’s been spotlighted starkly by Biswas for Doval and his team to rectify immediately.
The US had its moment of epiphany when terrorists slipped through the cracks and traumatised the nation on September 11, 2001. The US intelligence establishment was completely revamped, walls and boundaries were broken down, dead wood was chucked out, and intelligence sharing and coordination became the foundation of national security. India has had several epiphanies, from the parliament attack to the 26/11 Mumbai terror raids. Yet the intelligence community seems to be living in a cocoon, sleepwalking its way from one attack to another. The Trojan horses are here, and the attacks are already taking place. When will we learn to defend ourselves?
This article appears in the January 1-15, 2015 issue.