It’s been all over the news — “Mumbai attacks reveal sophisticated use of technology”, “Gunmen used technology as tactical tool”, “Mumbai terrorists more tech-savvy than the police” — but while the mainstream media winds up portraying these terrorists as the evil geeks you only see in movies, or saying that the technology is to blame, the reality is that these terrorists just got creative. What they really did was to combine some simple tech, and use it to deadly effect.
GPS and Google Earth
What they used it for:
Navigating their way to India, planning the attack, getting around Mumbai (likely).
How it works:
In concept, the Global Positioning System (GPS) is pretty simple. You ask your GPS receiver where you are, the receiver asks a satellite, the satellite sends back an answer, and there you go. In reality, however, this is considerably more complex.
Firstly, it isn’t the satellite that is calculating the receiver’s position, it’s the receiver itself. Secondly, GPS doesn’t need a satellite, it needs at least four. There are around 32 satellites in orbit dedicated to GPS, so finding four usually isn’t a problem. Your receiver monitors the four strongest signals that it receives — signals that contain information about the satellite’s own orbit, and the rough orbits of other satellites. It then uses the time it took for each message and calculates its distance from the satellite. Finally, using a method called geometric trilateration — for which it uses the orbital information for the satellites — it calculates its position on Earth.
Google Earth uses photos of the Earth taken by satellites, and slaps them on a virtual sphere. The result, as you’ve already seen, is a virtual world that you can tour on your desktop. Want to see a top view of Everest? It’s there. Niagara Falls? The Pyramids? The Taj Mahal? There, there, and there. It also has GPS coordinates, so if you were to feed them into your GPS receiver, it’ll give you directions on how to get there from where you are.
Why it’s “evil”:
GPS and Google Earth are powerful technologies on their own, but when combined, make for an excellent planning tool. A GPS receiver will give you directions to your destination, and Google Earth shows you what you’ll see when you get there. While you’re on your way, GPS receivers can’t show you visual landmarks, but Google Earth can. And most importantly, when you’re on a little boat on its way to Mumbai, and don’t really know the way, GPS will let you navigate there easily.
Google Earth has long been criticized by several world leaders — former President A. P. J. Abdul Kalam, among others — for revealing the locations of important military installations across the world. In the US, Google has been asked to obscure important locations such as the White House, and mysteriously, the residence of former vice-president Dick Cheney. The argument was that Google Earth could potentially be, well, a tool in the hands of terrorists.
It’s safe to expect that the Google-Earth-national-security issue will be dredged up again, and we wouldn’t be surprised at a few demands to ban the software itself. There might even be a similar outcry against GPS, but that won’t last long. The bottom line is that both these technologies have caused more good than harm, and it would be a crying shame to limit them in any manner. GPS is an important tool on aircraft, ships, cars, and now even cell phones. And because a GPS device doesn’t send any personal information to the satellites, it’s impossible to tell who’s using which device. The smarter plan? Master both and use them to plan counter-terrorist activities.
What they used it for:
Coordinating with each other, tracking news via GPRS How it works: General Packet Radio Service (GPRS) is another technology that’s been around for ages, and is relatively simple in concept. It uses the same signal that your voice travels on when you’re on a call, only with a few variations to make data transfer faster.
When you’re talking with someone (or “exchanging voice information”), all the data that comes and goes from your phone is circuit switched — all the “packets” of data travel in sequence, and on the same frequency. This is important, because you want people to hear you say “hello” and not “lohel”. When you’re surfing the Internet, however, this isn’t as important — you want your data to reach you as fast as possible, through as many routes as necessary, and your phone will take care of converting all the lohels to hellos. When you request data over your mobile network, your provider sends it to your phones on all the frequencies your phone can access, but not in order. This is called packet switching — each antenna on the network decides the best route for each packet, so each packet takes the fastest possible route to your phone.
Why it’s “evil”:
It isn’t. But you know that already. Having an Internet connection on your phone is about as evil as having a computer at home. Some sites have emphasized the BlackBerry, as if it were a deadly tool in the wrong hands, but really, it’s just an innocent device with its name being dragged through the mud. It could just have easily been Nokias or Sony Ericssons in that boat.
There have, however, been concerns regarding the BlackBerry e-mail service. In India, communication technologies are required by law to allow for “lawful interception” — if the government suspects you of unsavory activities, it needs to be able to monitor your phone, e-mail and other means of communication. The BlackBerry service, however, doesn’t allow for such interception, which is why security agencies wanted to ban it. An e-mail service that cannot be monitored could be a great tool in the hands of terrorists, they said.
Supposed security risks aside, there is no evidence that suggests that Mumbai terrorists used their BlackBerrys for e-mail.
Thankfully, this isn’t hard — once the authorities know the offending number, they can shut it down, tap its calls, even track the phone’s position. They can also see which sites the phone’s user is visiting, and block them if necessary. As for the news, sites could stop reporting live news — especially if that news talks about the police’s plans. Then again, stopping live news means that nobody knows what’s going on, which means rumors, panic, and all the nastiness that comes with it. As for the e-mail issue, soon after the dispute arose, RIM allowed Indian security agencies to monitor the BlackBerry network, and in July 2008, the service was cleared by the telecom ministry.
What they used it for:
Telling the media that they were responsible, without being traceable.
How it works:
When you don’t want the recipient of an email to know where it came from, you first send it to a remailer, which strips the e-mail of all your information, and then sends it on its way, complete with dud reply-to address. They’re supposed to make your e-mail anonymous, but there’s no such thing as purely anonymous on the Internet — there’s just harder to track. And depending on how hard-to-track you want your e-mail to be, you can use one of three types of remailers.
The pseudonymous remailer is the simplest — it replaces your e-mail and IP addresses with its own and sends your e-mail. No complex encryption involved, and the recipient can even reply to the e-mail, which will reach you through the remailer. And of course, because it’s so simple, it’s easy to tell where an e-mail really came from.
For more secure e-mail, you need a cypherpunk remailer, to which you send an encrypted email, which the server then decrypts and sends to the recipient. It’s more sophisticated than just hiding your name and IP address, and to make your e-mail even harder to trace, you can have it go through two, three or four remailers. Anyone who’d want to trace your e-mail would have a formidable (though still not impossible) task ahead of them.
And then there’s the mixmaster remailer, which adds to the goodness of the cypherpunk, and even needs you to have special software installed on your computer. But this isn’t entirely anonymous either, but was designed to make it really difficult and time consuming for anyone to trace e-mails.
Why it’s “evil”:
All right, so this one might qualify as a little evil. People use remailers to cover their tracks, and any activity that involves track-covering can’t be good.
Remailers are actually being fought against even as you read this. Unless you have your own remailer server, you never know when one will be taken down. However, sitting back and hoping for remailers to vanish is silly at best. Our forces need better experts, and more importantly, time, if they are to trace e-mails through remailers. So even if the “Deccan Mujahideen” wasn’t really responsible for the attacks, tracing their e-mail can lead us to tomorrow’s attackers.
What they used it for:
“Phoning home” and getting orders from their handlers
How it works:
Voice over Internet Protocol (VoIP) telephony has been around since the first days of the Internet, and it’s simple enough too — it uses your Internet connection to transmit voice between people. The problem with the Internet, however, is that it’s a packet switched network, which means that packets of data don’t reach their destination in the right sequence. With voice, of course, this will not do at all – which is why several technologies had to be developed to ensure that voice travelled the pipes without any problems. Skype, for instance, uses its own proprietary technology to make sure that voice reaches you fast and clearly.
Why it’s “evil”:
Several governments, including our own, already hate VoIP for robbing the telecom sector of all the money they could make on international calls. But that’s hardly the point. The real problem with VoIP is that it’s considerably more secure than cell phones. Calls made from VoIP phones can only be traced to the point where they get converted from regular voice data to Internet data. Once the data enters the Internet, it bounces around servers across the globe before it reaches its d e s t i n a t i o n . Worse, even if you find out which number the call was made to, determining its position can be a pain. The recipient of a call could have a New York phone number, but could still be in the room next to the caller, which is why terrorists seem to love it.
For a few years now, the FBI has been issuing warnings that militants have been using VoIP for their activities, and a report in October last year highlighted that the Taliban was using Skype to keep in touch. The problem? To ensure that your voice calls aren’t overheard, VoIP providers build secure, proprietary technologies that make it very difficult for hackers to eavesdrop on your calls. Naturally, it also becomes difficult for the law to tap these calls.
While VoIP calls are difficult to trace and tap, they aren’t impossible. Unfortunately, these can be time-consuming processes, and in a situation like Mumbai, we can’t afford that time. To make its job easier, the FBI is pushing for a law that will require VoIP service providers to build backdoors in their software, which law enforcement agencies can use to tap calls when necessary. The same laws already exist for telecom providers since 1994, when the FBI’s surveillance activities were thwarted by new technologies like call forwarding and cell phones. The only good thing that emerged from the terrorists using VoIP phones was that the digital trail could potentially lead the authorities to their handlers. If the group was more reluctant to use phones while they conducted the attacks, the trail would have ended at the last terrorist alive.
Open source terrorism
The Mumbai attacks are part of a disturbing trend that experts are calling open-source warfare. Unfortunately, it doesn’t mean that terrorists are releasing their plans to the public — they’re using technology and the philosophies of open source software to wreak havoc. The scary thing about this scenario is that terrorist outfits needn’t start with the big organizations like the Al Qaeda — all it takes is a single terrorist. The open source philosophy: release often, even if the software is buggy The terrorists’ corruption: attack often, even if there isn’t a concrete plan The open source philosophy: recruit as many developers as possible The terrorists’ corruption: recruit as many “warriors” as possible The open source philosophy: use solutions that have worked with other projects The terrorists’ corruption: find out how other outfits are bypassing security.
With prior terrorist attacks, finding the perpetrators was a matter of some old-fashioned police work. It was slow, but let’s admit it — a few days after the blasts, it was only the police who were frustrated. We just returned to our daily lives — a little rattled, but our shock swiftly gave way to the stress of everyday existence. These attacks, however, were different. For three days, we sat glued to our TVs, horrified, helpless, frustrated, angry, and imprisoned. After watching so many movies and shows where the good guys use sophisticated technology to overcome terrorists in minutes, we were shocked that our police force was so ill-equipped. While the terrorists knew the hotels in intimate detail, our forces didn’t even have night vision goggles to navigate the dark corridors. While the terrorists kept in touch with each other and their handlers using cell phones and VoIP, our forces didn’t even use walkie-talkies to coordinate their counter-attack. The snipers stationed outside the Taj couldn’t open fire, because they couldn’t tell whether they were looking at terrorists or hostages. Because their rifles didn’t have telescopes.
If you’ve played “realistic” games like Counter-strike and Rainbow Six, you probably thought that you and your clan could have done a better job with the situation. Quite likely, but you’d have to consider that you’d be using real guns, and there’s no starting from a save point. But we digress.
Now, home minister P. Chidambaram has announced a massive overhaul of our security system, though we still don’t have details on what that will be. We are assuming (and hoping) that this overhaul includes updating our forces’ tools, and training them on all the technology they’ll need to take down any terrorists. As for the technologies themselves, the debate still rages.
Even if you were to believe that technology was the villain here, where do we go from here? Will we see bans on mobile phones and GPS receivers? We must face the fact that even innocuous, everyday technology can be used for malicious purposes, and focus instead on using that same technology against the terrorists.