The Sunday Standard

Sleuths in a Tizzy as IM Goes Hi-Tech

Operatives use cutting-edge software to conceal their online presence, coordinate terror plans and mask identity.

Yatish Yadav

NEW DELHI: Banned terror outfit Indian Mujahideen (IM) has gone hi-tech, sending shockwaves through the intelligence and security agencies in India. The IM operatives are using cutting-edge crypto-algorithms to coordinate terror plans effectively, conceal their online presence and mask their identity.

A probe by India’s anti-terror organisation, the National Investigation Agency (NIA), reveals that IM founder Riyaz Bhatkal and his close aides run a hi-tech command centre in Karachi using 10 laptops and 40 mobile phones to communicate with terror cells in India and Nepal. They mask the chats by adopting the latest encryption plug-ins and by frequently using proxy servers and mobile apps to communicate with the jihadis operating on the ground. The IM terrorists have also used at least 11 fake chat IDs, including Halwa.Wala, Jankarko, a.haddad29, hbahadur, khalid.k, spent_those11, tashan99, spent_those, Laho0@yahoo and ubhot4u, and the contents were encrypted using the strongest encryption programs downloaded from open sources.

“They have not been able to cook their own encryption tools but we have noticed that terrorists are changing the open source tools frequently to avoid interception. Unlike Al Qaeda which has its own in-house encryption program, IM operatives are using open source software to mask chat and email communications,” a senior officer said.

IM’s Secret Tools

NIA discovered that jihadis used encryption software brewed by professionals—filehippo and wiksiend—to store and process encrypted communication between terror cells on the ground and ringleaders sitting in ISI safe-houses in Karachi, Pakistan. Broader encryption tool AxCrypt is frequently used to share terror documents. The NIA chargesheet filed on September 22 against 20 IM terrorists revealed that new technology enabled the terrorists to operate from almost any country in the world without being intercepted by law enforcement and intelligence agencies.

The decrypted chats between Riyaz Bhatkal and IM terrorist Mirza Shadab Beg unravelled IM’s plan to explore the availability of ‘fidayeen’ (suicide) attackers from Al Qaeda to carry out terrorist acts in India. The details that emerged from the analysis of the recovered chats established that Beg was travelling to Afghanistan to hire jihadis for attacks on police personnel in India. Beg also desired that future terrorist attacks be carried out in the name of Al Qaeda.

Cracking the Code

The chargesheet reveals that besides the Indian Computer Emergency Response Team (CERT-In), NIA was assisted by computer emergency response teams in the US and the UK to break the secret codes of emails and chats between terrorists. Although NIA received some contents with the help of CERT-In, it also took the help of four service providers—Yahoo, Paltalk, Sophidea Inc and Hurricane—besides executing Letters of Request (LR) to several other service providers in Nepal, Canada and Ireland seeking information on the IP (Internet Protocol) addresses used by IM founders Riyaz and Iqbal Bhatkal, hiding in Pakistan; Yasin Bhatkal, who is behind bars; and Mirza Shadab Beg, sheltered by the Taliban on the Af-Pak border.

The analysis of IPs carried out by NIA reveals that the IPs were not the ones actually used, but were proxies used from different locations. NIA also received from the company details of two Nimbuzz accounts, “James_Usually10” and “Spent_those11”, which were registered and accessed through proxy servers. Interestingly, the login details from Nimbuzz about “menothing1”, another chat ID, were traced to the IP address 221.120.246.6, belonging to Pakistan Telecommunication Company Limited. “menothing1” was the ID of Riyaz Bhatkal for “Fring” and “Mig 33 messenger”.

The Indian agencies, however, could not decrypt the Paltalk chat items, and NIA sought the help of the service provider to decode the chat contents between Riyaz and Yasin Bhatkal, codenamed in the virtual world as “tashan99” and “Dumzum”.

“The terrorists used coded language in the chat and to have utmost secrecy, separate secret chat addresses were exchanged with each other either through encrypted files or by statements in secret coded language, understandable only mutually by the operatives,” NIA stated.

Al Qaeda’s Tech-Support to IM?

The NIA probe into IM activities has clearly indicated that Bada Sajid and Abu Rashid, close aides of Riyaz Bhatkal, joined hands with Al Qaeda and the Taliban. Apart from finances to wage war against India, the terrorists are also seeking logistical support from Al Qaeda, which is learnt to have its own Mujahideen Secrets platform to communicate with terrorists across the world. According to a senior intelligence officer, Al Qaeda is using much stronger encryption on normal communication traffic to remain unexposed to interception by law enforcement agencies.

Indian agencies clearly lack online surveillance capabilities like those of the USA’s National Security Agency (NSA), which has been plucking billions of pieces of phone and Internet data from around the world to thwart any suspicious activities.

“We do not have a fully prepared technical spy agency to pluck data like the NSA does or Britain’s GCHQ has been doing. We have created layers of agencies but never empowered a single unit for specific task. There is lack of clarity,” the intelligence official added.

According to a report by intelligence firm ‘Recorded Future’, Al Qaeda’s IT units—GIMF and Al-Fajr Technical Committee—have been brewing their own encryption programs since the Snowden leaks to stay off the scanners of intelligence agencies. Al Qaeda has also released new Android apps to evade detection. Reports suggest that ISIS terrorists might be using similar encryption programs.
