The picture of the Indian Mujahideen that emerges from the recent NIA investigation is that of a bunch of men with an exceptional knack for information technology: they set up email accounts that disappear if they are not accessed in 24 hours, proxy servers to camouflage geographical location, encrypted files and complicated code language.
The NIA claims that after an elaborate investigation into the communication between alleged IM members and their leadership, the NIA Special Court on September 7, 2013 issued four separate search warrants to US-based Yahoo Inc, Paltalk Inc, Sophidea Inc and Hurricane Electric. The NIA claims letters of request were also “sent to several service providers of Nepal, Canada and Ireland seeking information of IP addresses”.
The IP address of Nimbuzz chat, NIA claims, was traced to Pakistan Telecom Company Ltd. Though most of the other IP addresses were traced to France, Germany, Netherlands, Nepal and India, the NIA claims they were proxy servers created to hide the real location of the users.
On November 14, 2013, Director, Criminal Division, Office of International Affairs in US Department of Justice, Mary Ellen Warlow, wrote to K Sai Jawahar, Under Secretary, Internal Security 11 division, Ministry of Home Affairs, saying: “On November 12, 2013, our office consulted with Paltalk to discuss the results we had received for your request. Unfortunately, Paltalk does not store or record instant message conversations. Accordingly, we are not able to provide records of the conversations that occurred using their system. A review of those email addresses indicates that they were created using a website http://www.fakeemailgenerator.com … The website works by generating an email address and a temporary inbox and users may log into the account simply by knowing the email address…The FAQ of the website states the inbox is deleted if it is not checked once every 24 hours. Accordingly, unless the targets are still using the account, the accounts have likely been deleted”.
In the case of one user, Warlow wrote, there were 38 logins “but his IP address consistently resolve to France.” For another, Warlow wrote, “the user made a total of 60 logins but the IP address resolve to different countries, a fact which suggests the use of proxy servers”. These IP addresses appeared in France, Germany, Netherlands, Nepal and India.
Paltalk and Yahoo are among the nine US internet companies from whose servers the American intelligence agencies have been “grabbing data”.
NIA claims the email and chat IDs “emerged during the analysis of the chits of papers seized during the personal search of the accused persons” or were revealed by the accused during interrogation.
NIA claims that “Riyaz (Bhatkal) used filehippo.com which has software to open encrypted files”. Quoting an alleged chat between Yasin and Riyaz Bhatkal, NIA claims that on November 16, 2013, they “talked about using Freegate to be used to develop proxy”. NIA also claims that the alleged IM men were “doing encryption using Axcrypt software”.
The NIA claims that to access Yasin Bhatkal’s latest Yahoo email, they had to “obtain a Nepal-based computer which was taken over using Team Viewer software to access the account and recover it in India”.
NIA claims that after the alleged disclosures by Yasin Bhatkal, on August 31, 2013, they “attempted to recover the texts/contents of communication” of his Yahoo mail. “It could not be done since (the account) was being accessed from a country other than the country of usual access. The security feature of the site demanded answers to the security questions, which were not remembered by the accused and the account was locked for twelve hours,” NIA investigation claims. “It was suggested that since the accused did not remember the answers to the security queries, the accounts would have to be logged in from a Nepal IP”.