
The terror code: How we cracked the Indian Mujahideen trail


It was not an easy job for the National Investigation Agency (NIA) to nail highly motivated key operatives of the Indian Mujahideen (IM), Yasin Bhatkal, Asadullah Akhtar and others. A maze of computer codes, IDs, software to convert messages into gibberish, and remote servers forced the NIA to take the help of US agencies to decode how they communicated and where they uploaded secret documents.

dna puts together the virtual map of how these top terrorists operated. IM operatives were not only using fake IDs but were also quite adept at using proxy servers to conceal their identity and locations. They were using highly encrypted data and secret coded language to chat with each other.

To generate fake IDs and use proxy servers, Yasin and Riyaz Bhatkal even exchanged notes about where to get the information from and how to go about it. During a chat with Yasin on November 29, 2012, the computer-savvy Riyaz told him that filehippo.com was the website to get software for encrypted codes.

"This was primarily done to keep the larger conspiracy and plan intact even if one of them was caught as he would not be able to disclose anything despite rigorous interrogation. The web chats reveal that they were frequently creating fake IDs and moving from one proxy server to another in quick succession," an NIA official said.

To unravel the complicated trail, the NIA had to seek the help of experts from the Computer Emergency Response Team of India (Cert-In) and other experts, as well as the help of the Cert-In of the US and the UK, and of Yahoo and Nimbuzz, using diplomatic channels. Requests were sent to these countries under the MLAT (Mutual Legal Assistance Treaty). Following are some of the IDs that the Bhatkals used:

Kingpin Yasin Bhatkal (Mh. Ahmed Siddibapa Zarrar) used at least five different fake accounts: jankarko@yahoo.com, halwa.wala@yahoo.co, a.haddad@yahoo.com, hbahaddur@yahoo.com and kahlid.k@nimbuzz to talk to Riyaz, Sultan, Ateef Mota and his wife Zahida.

During his chats with Yasin Bhatkal, Riyaz also used three fake IDs: lovesam361@yahoo.com (from July 13 to August 28, 2013), patara_singh@yahoo.com (November 13, 2012 to 13 July, 2013) and coolallz@yahoo.com (July 18, 2013 to July 27, 2013).

At the same time, the other IM kingpin Asadullah Akhtar (Haddi) was using IDs kul.chitra@yahoo.com, tashan99@paltalk.com and spent_those11@yahoo.com to chat with coolallz@yahoo.com and dumzum@paltalk.com, james_usually10@yahoo.com to chat with Riyaz and Mirza Shadab Beg.

The NIA team even had to get a computer from Nepal to nail the exact IP address to open certain mails. On analysing IP logs, the NIA found that Riyaz Bhatkal and Mirza Shadab Beg had utilised proxy servers for establishing contacts with other operatives like Yasin and Haddi to conceal their activities and locations.

The NIA stumbled upon Pakistan's role while investigating the Nimbuzz accounts. The login details from Nimbuzz with respect to IDs menothing1 and davidthapa77 revealed that the IP was 221.120.246.6, which belongs to Pakistan Telecommunication Company.

The NIA used two independent experts who advised on the data integrity check process using the MD5 software. This software converts everything into gibberish, which cannot be read by anyone else. The recipient then reconverts the data using the same software.

At the end of the painstaking process, the hash value (encrypted code) was generated. Forty-seven files in eight folders, amounting to 30.8 MB, were generated and stored in the computer and subsequently transferred and saved in a hard disk. All the working screens were recorded as a video capture and files were then copied into a compact disk to be presented to the court.
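How a hash-based integrity check over a folder tree of evidence works in practice, as an added example that is not part of the original report or the NIA's tooling: an MD5 digest is a fixed-length fingerprint that cannot be turned back into the data, so the check consists of recording one digest per file and recomputing it on every later copy. The function names, folder names and file contents below are constructed for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def file_digest(path, algo="md5", chunk=1 << 20):
    """Hash a file in chunks so large evidence files need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, algo="md5"):
    """Map each file's path (relative to root) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_copy(manifest, copy_root, algo="md5"):
    """Recompute digests on a copy and report every deviation from the manifest."""
    current = build_manifest(copy_root, algo)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "extra": sorted(set(current) - set(manifest)),
        "altered": sorted(n for n in manifest.keys() & current.keys()
                          if manifest[n] != current[n]),
    }

def demo():
    """Constructed sample: two folders of files, copied, then the copy is modified."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "original"), Path(tmp, "copy")
        samples = {"chats/a.txt": b"log one\n", "mail/b.eml": b"log two\n"}
        for name, data in samples.items():
            (src / name).parent.mkdir(parents=True, exist_ok=True)
            (src / name).write_bytes(data)
        manifest = build_manifest(src)           # recorded at acquisition time
        shutil.copytree(src, dst)                # e.g. transfer to another disk
        clean = verify_copy(manifest, dst)       # faithful copy: no deviations
        (dst / "chats/a.txt").write_bytes(b"log 0ne\n")   # one character changed
        (dst / "new.txt").write_bytes(b"added later\n")   # file not in manifest
        return manifest, clean, verify_copy(manifest, dst)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Passing `algo="sha256"` produces a manifest that is not exposed to the collision attacks known against MD5.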
