NEW DELHI: Banned terror outfit Indian Mujahideen (IM) has gone hi-tech, sending shock waves among the intelligence and security agencies. The IM operatives are using cutting-edge crypto-algorithms to effectively coordinate terror plans, concealing their online presence and masking identity.
A probe by the National Investigation Agency (NIA) reveals that IM founder Riyaz Bhatkal and his close aides run a hi-tech command centre in Karachi to communicate with terror cells in India and Nepal. They are masking the chats by adopting the latest encryption plug-in, as well as frequent use of proxy servers and mobile apps. The IM terrorists have also used at least 11 fake chat IDs, including Halwa.Wala, Jankarko, a.haddad29, hbahadur, khalid.k, spent_those11 and tashan99, and the contents were encrypted using the strongest encryption programmes downloaded from open source.
“They have not been able to cook their own encryption tools, but we have noticed that terrorists are changing the open source tools frequently to avoid interception. Unlike al-Qaeda, which has its own in-house encryption programme, the IM operatives are using open source software,” a senior officer said.
IM’s Secret Tools
The NIA discovered that jihadis used encryption software brewed by professionals -- FileHippo and Wikisend -- to store and process encrypted communication among the terror cells on the ground and ringleaders sitting in ISI safe-houses in Karachi, Pakistan. Broader encryption tool AxCrypt is frequently used to share terror documents.
The NIA chargesheet, filed on September 22 against 20 IM terrorists, revealed that new technology enabled the terrorists to operate from almost any country in the world without being intercepted by law enforcement and intelligence agencies.
The decrypted chats between Riyaz Bhatkal and IM terrorist Mirza Shadab Beg unravelled the IM’s plan to explore the availability of ‘fidayeen’ (suicide) attackers from al-Qaeda to carry out terror strikes in India.
Cracking the Code
The chargesheet further reveals that besides the Indian Computer Emergency Response Team (CERT-In), the NIA was assisted by computer emergency response teams in the US and the UK to break the secret codes of emails and chats among the terrorists. Although the NIA retrieved some contents with the help of CERT-In, it also took the help of four service providers -- Yahoo, Paltalk, Sophidea Inc and Hurricane -- besides executing Letters of Request (LR) to several other service providers in Nepal, Canada and Ireland seeking information on IP (Internet Protocol) addresses used by IM founders Riyaz and Iqbal Bhatkal, hiding in Pakistan; Yasin, who is behind bars; and Beg.
The analysis of the IPs carried out by the NIA revealed that they were not the ones which were actually used, but were proxies for IPs used from different locations.
The NIA also received details of two Nimbuzz accounts, “James_Usually10” and “Spent_those11”, from the company; both were registered and accessed through proxy servers.
Interestingly, the login details from Nimbuzz about “menothing1”, another chat ID, were traced to the IP address, 220.127.116.11, belonging to Pakistan Telecommunication Company Limited. It was the ID of Riyaz for “Fring” and “Mig 33 messenger”.
“The terrorists used coded language in the chat and to have utmost secrecy, separate secret chat addresses were exchanged with each other, either through encrypted files or by statements in secret coded language, understood only mutually by the operatives,” the NIA stated.
The NIA probe into the IM activities has clearly indicated that Bada Sajid and Abu Rashid, close aides of Riyaz, joined hands with al-Qaeda and the Taliban.
Indian agencies clearly lack online surveillance like the US’ National Security Agency (NSA), which has been plucking billions of pieces of phone and Internet data from around the world to thwart any suspicious activities.
“We do not have a fully prepared technical spy agency to pluck data like the NSA or Britain’s GCHQ. We have created layers of agencies, but never empowered a single unit for a specific task. There is a lack of clarity,” the intelligence official added.
According to a report by intelligence firm ‘Recorded Future’, al-Qaeda’s IT units -- GIMF and Al-Fajr Technical Committee -- are brewing their own encryption programmes after the Snowden leaks.