The picture of the Indian Mujahideen that emerges out of the recent NIA investigation is that of a bunch of men with exceptional knack for information technology: they set up email accounts that disappear if they are not accessed in 24 hours, proxy servers to camouflage geographical location, encrypted files and complicated code language.
The NIA claims that after an elaborate investigation into the communication between alleged IM members and their leadership, the NIA Special Court on September 7, 2013 issued four separate search warrants to US-based Yahoo Inc, Paltalk Inc, Sophidea Inc and Hurricane Electric. The NIA claims letters of request were also “sent to several service providers of Nepal, Canada and Ireland seeking information of IP addresses”.
The IP address of Nimbuzz chat, NIA claims, was traced to Pakistan Telecom Company Ltd. Though most of the other IP addresses were traced to France, Germany, Netherlands, Nepal and India, the NIA claims they were proxy servers created to hide the real location of the users.
On November 14, 2013, Director, Criminal Division, Office of International Affairs in US Department of Justice, Mary Ellen Warlow, wrote to K Sai Jawahar, Under Secretary, Internal Security 11 division, Ministry of Home Affairs, saying: “On November 12, 2013, our office consulted with Paltalk to discuss the results we had received for your request. Unfortunately, Paltalk does not store or record instant message conversations. Accordingly, we are not able to provide records of the conversations that occurred using their system. A review of those email addresses indicates that they were created using a website http://www.fakeemailgenerator.com … The website works by generating an email address and a temporary inbox and users may log into the account simply by knowing the email address…The FAQ of the website states the inbox is deleted if it is not checked once every 24 hours. Accordingly, unless the targets are still using the account, the accounts have likely been deleted”.
In the case of one user, Warlow wrote, there were 38 logins “but his IP address consistently resolve to France.” For another, Warlow wrote, “the user made a total of 60 logins but the IP address resolve to different countries, a fact which suggests the use of proxy servers”. These IP addresses appeared in France, Germany, Netherlands, Nepal and India.
Paltalk and Yahoo are among the nine US internet companies from whose servers the American intelligence agencies have been “grabbing data”.
NIA claims the email and chat IDs “emerged during the analysis of the chits of papers seized during the personal search of the accused persons” or were revealed by the accused during interrogation.
NIA claims that “Riyaz (Bhatkal) used filehippo.com which has software to open encrypted files”. Quoting an alleged chat between Yasin and Riyaz continued…