“Pray it works,” read the text message on Mohammad Ahmad Siddibapa’s instant-message screen, less than 24 hours before bombs tore through Hyderabad on February 21, 2013, killing 19 people and injuring 117. The alleged Indian Mujahideen (IM) commander and his Karachi-based chief, Riyaz ‘Bhatkal’ Shahbandri, had instant-messaged for weeks, bouncing ideas on bomb design and execution off each other. The prayers were redundant.
Ever since 2009, an investigation by The Indian Express has found, India’s intelligence services have been intercepting conversations like these, after they rolled out a 100-crore, multi-agency programme to spy on digital communication between terrorists. It failed in the past, though — and the bad news is it will fail again.
For months now, the intelligence services have been engaged in an increasingly desperate effort to stop the next 26/11, seeking communication from Maharashtra and Kashmir men fighting with Islamist insurgents in Iraq; Indian jihadists in Afghanistan; the Lashkar-e-Taiba (LeT) leadership’s orders to operatives.
The digital espionage system has almost certainly picked up these communications — but they’ve remained incomprehensible to India’s intelligence services, because of the failure to beat digital encryption technology. “There hasn’t been one single case where we’ve successfully managed to penetrate encrypted communications between terrorists,” admitted a senior Research & Analysis Wing (R&AW) officer.
Increasingly, India’s intelligence establishment believes the only answer is to compel internet firms to locate their servers in India, as Brazil has done and Germany is contemplating — thus forcing them to comply with lawful interception orders.
Inside an elegant Art Deco mansion in central Delhi, its lush gardens dotted with flowerbeds, trees and the odd peacock, staff at the Intelligence Bureau’s (IB) operations directorate have again been staring hard at data snatched from cyberspace, hoping that somewhere in the cloud of ones and zeros lie the leads they need to preempt new terror threats.
India’s desperate war rests on a system called Netra, commissioned in 2009, drawing its name from the Sanskrit word for eye — or, more prosaically, from its job description, NEtwork TRaffic Analysis.
Netra was born in the years after 9/11, when India’s intelligence services realised terrorist groups like the LeT were making extensive use of the internet, and wanted tools similar to the US’s PRISM digital espionage system. Housed in hundreds of internet hubs across the country, Netra vacuums up terabytes of data, and then trawls through it for keywords of interest. The system, designed by the Defence Research and Development Organisation’s (DRDO) Centre for Artificial Intelligence and Robotics, has won several technology awards.
The system has done what it is designed to do, intelligence officials said. It helps track traffic to websites the intelligence services suspect might be linked to jihadi activity. That opens the way to locate target computers and mobile phones — and infiltrate them with software that can monitor keystrokes, and record conversations.
It’s what Netra can’t do, though, that is causing concern. The National Technical Research Organisation (NTRO), tasked with creating software to decode encrypted internet traffic, hasn’t so far been able to deliver. That means India’s intelligence services can’t listen in to voice-over-internet services like Skype and Viber, or text-based systems like WhatsApp, Fring and Facebook.
Limited gains, the sources said, have been made, one involving the purchase of technology to decrypt Thuraya satellite phone conversations from an East European vendor — but the bulk of traffic remains invisible to the intelligence services.
Finally, no staff have been sanctioned to analyse the output Netra generates — so with the tiny staff available, the IB is hard-pressed to mine it for useful information. The IB’s operations directorate has just 40 executive staff; the organisation as a whole has 18,795, against the 26,867 it is sanctioned.
Those figures are in stark contrast to western standards: the US’s Federal Bureau of Investigation (FBI), with a much narrower set of threats to address, has 34,019 staff, and its communications intelligence service, the National Security Agency, over 40,000. The NSA is reputed to be the largest single employer of mathematicians in the world, a discipline central to cryptanalysis.
In addition, the NSA has the advantage that most communication services are headquartered in the US — making it relatively easy to acquire the digital keys used to encrypt information. The NSA also has supercomputing resources that allow it to mount what are called brute-force attacks on encrypted data. The NSA, by some estimates, spends up to $250 million a year on technologies to defeat encryption.
Police, meanwhile, are pointing to growing numbers of cases of online jihadist activity. Last month, The Indian Express revealed that four Thane men were training with jihadists in Iraq, while other cases have emerged from Tamil Nadu and Kashmir. Haidar Ali, now facing trial for his alleged role in bombing Prime Minister Narendra Modi’s election rally in Patna, is charged with having learned to make bombs from the al Qaeda online magazine Inspire.
For its part, the National Investigation Agency is prosecuting Abdul Hakeem Jamadar and Zafar Iqbal Sholapur, who it says were drawn by online jihadist literature to join the jihad in Afghanistan.
“Every time we’ve tried to persuade a software major to cooperate,” a senior IB official said, “we’re told the data is held in another country, and that a complex, slow legal process is required to access it. The solution is for the government to compel companies to hold data in India, as was done with Blackberry.”
“Imagine hunting for a needle in a haystack,” he added, “and then imagine hunting for it in the dark without a flashlight. That’s sort of where we’re at”.
WHY NETRA CAN’T SEE
The software used to send e-mails, instant-messages or calls turns data into encrypted packets — typically using digital “keys”. This encrypted data is gibberish to anyone who listens in, as is necessary to protect private data.
The data passes through a server, mainly controlled by companies operating in the US, and on to the end-recipient. Software uses digital “keys” to decode the data, so the end-recipient can make sense of it.
Netra successfully sucks up online traffic on its way in and out of India’s internet hubs, but isn’t backed by technology to decrypt it.
There are two ways to decrypt this traffic: acquire the keys used by the service-provider, or use complicated, computing-power intensive algorithms to factorise the large numbers, each the product of prime numbers, used to encrypt data.