In the recent Mumbai attacks, the terrorists exploited a server in Russia to mask their true identities, IP (Internet protocol) addresses and the routes of their e-mail communications. They used channels that attracted neither suspicion nor monitoring. This not only caught intelligence agencies off guard, but also highlighted the absence of technologies that could have equipped them to deal with such challenges.
Ashish Sonal, CEO of Orkash Services (a management consulting and technology services company providing custom research, market intelligence and business assurance services for emerging markets), explains how cyber forensics technology can help tame the menace of terrorism.
i.t. A recent white paper released by Orkash, says: "The cyberspace is acting as a force multiplier for terrorist networks in India and abroad, driven by the sophisticated use and unlimited access to Internet and computer technology." What kinds of threats are emerging as a consequence?
AS Orkash's study on the changing patterns of terrorism in India highlighted that over the past 18 to 24 months, terror outfits have undergone a major overhaul of their operational and executional capabilities to orchestrate attacks in India. Terrorism is adopting a more sophisticated face, as attacks are becoming large scale and more techno-savvy.
Taking advantage of the anonymous nature of the Internet, terrorists use cyberspace for communications, geographic mapping, recruitment, fund raising and, most importantly, intelligence gathering. With increasing vigilance on the traditional channels of communications (such as tracking of e-mails and mobile phones, etc), terrorists have now resorted to using new tactics, for example, not sending e-mails but saving them as drafts in an encrypted manner. Many organised terror groups host websites and use fixed Internet sites to communicate with their partners. There have been known incidents in India where terrorists have resorted to several other innovative techniques, such as using bulletin boards and other websites that provide free uploading services, and posting steganographed picture messages to pass on 'confidential' execution details.
i.t. What technologies are required to counter these threats?
AS The key learning for intelligence agencies is that any activity over the Internet leaves traces and communication patterns that can be tracked with a great degree of accuracy. However, the caveat here is that the inflow and outflow of information has to be continuously and rigorously monitored. And here, cyber forensics plays a crucial role in investigations and intelligence gathering to curb and preempt terrorist activities. The pre- and post-event techniques of cyber forensics (supported by evidence chain management) can help in anticipating and appropriately reacting to terrorist activities over cyberspace.
Several technological tools such as 'trackback analysis' (Orkash's proprietary tool used for monitoring and tracking information online) and other Web-mining applications can assist in the process.
i.t. Can you explain the pre- and post-event techniques of cyber forensics in detail? How can these techniques be put to use effectively?
AS Pre-event: This model is predictive in nature and is driven by intelligence collected through the use of technology. As terrorists have increased dependence on the Internet and on Web technology, they are using cyberspace for planning, communications, and logistics control. Network monitoring and forensics can pick up the indicators and triggers before the actual event takes place and generate intelligence inputs for agencies to investigate further. The process encompasses regular monitoring and collecting evidence through 'packet' level forensics, whereby packets of information moving in and going out are monitored. Subsequent analysis through data mining generates trends and patterns almost in real time for further intelligence. The analysis can help in isolating patterns based on previously known 'suspicious' entities or on new ones, identifying and investigating 'triggers' or any unusual developments for future analysis and threat assessment.
Post-event: This deals with the forensic science of all the equipment containing digital evidence, such as computers, laptops, palmtops, mobile phones, satellite phones, GPS (global positioning system) devices, etc. In high profile cases and incidents, such as the Parliament attack at New Delhi in 2001, the Mumbai serial train blasts in 2006, and the 26/11 Mumbai attacks, cyber forensics played a decisive role in gathering e-evidence and collating the sequence of events for the prosecution of the suspects. This also provided the necessary breakthroughs and insights into how terrorists are masking their identities and executing their plans. Detailed post-event forensics is the critical component of intelligence gathering. It generates the information and evidence chain that then facilitates monitoring and tracking.
i.t. One of the most disturbing trends that the Orkash study cites is the increasing use of steganography (the technique of writing hidden messages in such a way that no one apart from the sender and intended recipient realises there is a hidden message), encryption, etc, to execute terror plans. How can this be countered?
AS In every case, it boils down to the detection of trends and patterns from the sea of data gathered from logs and packets, which is a big challenge in itself and can only be executed through technologies such as data and text mining, natural language processing, etc.
The process of analysis and intelligence creation can be further enhanced by integrating these with geographic information systems (GIS) and with the use of technologies such as link analysis, whereby the complete network and the sequence of events can be visualised. The adoption of such techniques by the Indian investigative agencies is still very minimal. They need to be more proactive, and technologies need to be implemented for detection of anomalies and unusual behaviour at an early stage so that a red flag can be raised for timely investigations.
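The two answers above describe the same pipeline from different ends: the pre-event answer talks about isolating patterns around previously known 'suspicious' entities and raising 'triggers', and this one talks about link analysis that visualises the whole network and sequence of events, plus anomaly detection that raises a red flag early. The script below is an added example written for this page to make that concrete; it is not Orkash's 'trackback analysis' tool or any code from the interview. It assumes a constructed communication log in the form `timestamp,source,destination,channel` (the addresses, timestamps and the `@example.net` domain are all made up), a one-entry watchlist as the known suspicious seed, a three-hop reach limit, and a simple burst rule (three or more messages from one sender inside five minutes) as the anomaly trigger; all of these parameters are assumptions for illustration.

```python
"""Link analysis and anomaly triggers over a constructed communication log.

Added example for this page, not Orkash's tooling. Assumed input format:
'timestamp,src,dst,channel' per line. All sample data below is constructed.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: ISO timestamp, source account, destination account, channel.
SAMPLE_LOG = """\
2008-11-20T09:12:00,alpha@example.net,bravo@example.net,email
2008-11-20T09:40:00,bravo@example.net,charlie@example.net,email
2008-11-21T14:05:00,charlie@example.net,delta@example.net,voip
2008-11-22T08:30:00,echo@example.net,foxtrot@example.net,email
2008-11-23T18:15:00,bravo@example.net,delta@example.net,board
2008-11-24T07:00:00,delta@example.net,golf@example.net,email
2008-11-24T07:01:00,delta@example.net,hotel@example.net,email
2008-11-24T07:02:00,delta@example.net,india@example.net,email
"""

# Assumed watchlist: the one 'previously known suspicious entity' that seeds the analysis.
WATCHLIST = {"alpha@example.net"}


def parse_log(text):
    """Return (datetime, src, dst, channel) tuples; malformed lines are skipped, not guessed."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        ts, src, dst, chan = parts
        try:
            records.append((datetime.fromisoformat(ts), src, dst, chan))
        except ValueError:
            continue
    return records


def build_graph(records):
    """Undirected adjacency map: any contact links both endpoints (link analysis view)."""
    graph = defaultdict(set)
    for _, src, dst, _ in records:
        graph[src].add(dst)
        graph[dst].add(src)
    return graph


def hops_from_watchlist(graph, watchlist, max_hops=3):
    """Breadth-first search outward from watchlisted entities.

    Returns {entity: shortest hop count} for everything within max_hops,
    so analysts see who is one, two or three contacts away from a known seed.
    """
    dist = {w: 0 for w in watchlist if w in graph}
    queue = deque(dist)
    while queue:
        node = queue.popleft()
        if dist[node] >= max_hops:
            continue
        for nbr in graph[node]:
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist


def burst_senders(records, window_seconds=300, threshold=3):
    """Anomaly trigger (assumed rule): a sender with >= threshold messages in one sliding window."""
    by_src = defaultdict(list)
    for ts, src, _, _ in records:
        by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def analyse(text, watchlist=WATCHLIST, max_hops=3):
    """Combine link reach and burst anomalies; a red flag needs both."""
    records = parse_log(text)
    graph = build_graph(records)
    linked = hops_from_watchlist(graph, watchlist, max_hops)
    bursts = burst_senders(records)
    red_flags = sorted(e for e in bursts if e in linked)
    # Sequence of events restricted to the linked cluster, oldest first.
    timeline = [(ts.isoformat(), s, d, c) for ts, s, d, c in sorted(records)
                if s in linked and d in linked]
    return {"linked": linked, "bursts": bursts, "red_flags": red_flags, "timeline": timeline}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for entity, hops in sorted(result["linked"].items(), key=lambda kv: (kv[1], kv[0])):
        print(f"{hops} hop(s) from watchlist: {entity}")
    print("burst senders:", sorted(result["bursts"]))
    print("red flags:", result["red_flags"])
    for event in result["timeline"]:
        print("  ", *event)
```

On the constructed log, the unrelated `echo`/`foxtrot` pair never enters the linked set, `delta` is two hops from the watchlisted seed and also trips the burst rule, so it is the single red flag, and the timeline lists the seven linked contacts in order for sequence-of-events review. The point to carry over to real deployments is the conjunction: reach from a known entity alone produces long lists of innocent contacts, and a burst alone is just busy users, while the intersection is what deserves an analyst's time.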
i.t. Can cyber forensics help prevent the crimes being carried out through cyber cafés?
i.t. What kind of technical infrastructure is required by central and state investigative and intelligence agencies to deal with such tech savvy assailants? And what is the cost implication?
i.t. What kinds of opportunities are emerging for tech entrepreneurs as the world recognises the need to leverage cyber forensics technology?