
American says his computer was hacked


MUMBAI: In all likelihood the Anti-Terrorism Squad (ATS) of the Mumbai police will have to believe 48-year-old Keith Heywood’s story.

It was from Heywood’s computer that the email warning about terror strikes in Ahmedabad was sent on Saturday.

The American citizen, a tenant at Navi Mumbai’s Gunina apartments, has told the police that either his computer was hacked into or someone used his Wi-fi connection to illegally send an email via his network.

On Sunday, a Mumbai ATS team rushed to Heywood’s home in Sanpada after receiving a tip-off from the central intelligence agencies that the email had been sent from his IP address.

While the ATS team has confiscated hard drives and other electronic evidence from the house, they have unofficially ruled out the involvement of the American in sending the terror mail. Indian Mujahideen sent the mails from a Yahoo address: alarbi_gujarat@yahoo.com.

The same outfit had claimed responsibility for the blasts in three Uttar Pradesh cities — Varanasi, Lucknow and Faizabad — in November 2007 and the Jaipur blasts in May this year by sending email messages just a few minutes before the terror strikes. 

Intelligence officials monitoring the case told DNA that sending email is emerging as a definite strategy of the Indian Mujahideen and in almost all the instances, the mails were heavily spoofed and masked to protect the real identity of the senders.

“Terror emails serve two purposes. They distract the investigating agencies by sending them on a dead cyber trail. The email messages are almost always masked and there’s no way of finding out the real senders. The other purpose is to generate publicity for the group,” said a senior intelligence official familiar with Indian Mujahideen.

For the third time in as many incidents of terror strikes in the last year, the Indian security apparatus has failed to track down email messages sent by the Indian Mujahideen claiming responsibility for the strikes.

The email was sent using Heywood’s Wi-fi connection, according to reliable sources in the Mumbai ATS.

“The level of security in a Wi-fi connection is very low and anyone can tap into it and access the internet,” an official told DNA.

Intelligence sources told DNA that gadgets and software are available that track Wi-fi connections in a neighbourhood at random and connect to them by hacking their weak security systems.

“For instance a person in a car with a laptop can easily drive around any part of the city tracking Wi-fi networks. Once he tracks them, he can easily break into them and access the internet through them. His internet transactions have a record of the Wi-fi network but the trail will end at the random user who owns it,” the official explained.

The IP address is a random one and the sender of the threat message hacks into some server and sends that mail, quite similar to the way tonnes of spam find our inboxes every day.

Sources said that popular hacking techniques like spoofing — sending emails from fake addresses — coupled with the art of faking an IP address have been employed in terror threats in the past.

The internet trail has almost always ended at cyber cafés, whose networks had been hacked into and used to send mails, or individuals who claimed they’d been hacked.

In the case of the UP blasts, the emails were first traced to a cyber café in East Delhi.

However, it turned out that the senders had hacked into the cyber café and the mail had actually been sent from a server in the USA. “Upon investigation, the server in the USA was also found to be a front,” said an intelligence official aware of the developments.

When terror struck Jaipur on May 13, the email messages from Indian Mujahideen were traced to a cyber café in Ghaziabad in UP. The police questioned the owner of the cyber café but he also claimed that his network had been hacked into.

For intelligence agencies, accurately tracking the IP address from which an email has been sent is emerging as a big challenge. “In nine out of ten cases the senders of the emails have spoofed their IP addresses. Spoofing an email address or an IP address means successfully masking one’s email or IP address,” a retired IB official told DNA.

The intelligence apparatus in India claims to be well equipped with the latest technology to monitor internet traffic and track IP addresses down for investigating crimes of terror. Yet, India does not have an official cyber command on the lines of the USA and China, which have dedicated thousands of personnel for sniffing the internet for intelligence gathering and protecting the cyber installations of the country from international hackers.
