This is an archive article published on July 30, 2008

Terror mail sender could have hacked PC from anywhere: cops

Two days after the Maharashtra Anti-Terrorism Squad (ATS) traced the terror e-mail to US nationals Keith Haywood and his wife Kens White living in a plush Navi Mumbai colony in Sanpada area, investigators say there is a “possibility” that the author of the e-mail had hacked into Haywood’s laptop.

The laptop could have been infected with ‘trojan horse’ software that gives the sender complete control over the computer from just about anywhere, the police said.

However, the police are still clueless about why Haywood’s Internet Protocol (IP) address was chosen as the source of the e-mail. The ATS on Tuesday said that although there was no restriction on their movements, the US nationals might be questioned, as new evidence surfaces.

“There are several possibilities that need to be probed, and we are going through them one at a time to arrive at the right conclusion. One of the angles we are now seriously investigating is that of a trojan horse virus being sent to Haywood’s laptop by someone,” said Joint Commissioner of Police, ATS, Hemant Karkare.

“This would give the sender control over the laptop from any location however remote it may be. Any mail sent from the computer after gaining access to it in this manner would be traced to the IP address used by Haywood,” he said. “It is very hard to say conclusively whether this method was used, as a trojan horse wipes out any traces or footprints of itself once it downloads a virus into the computer. However, forensics teams are analyzing the possibility.”

IT expert Vijay Mukhi, President of the Foundation for Information Security and Technology, said a trojan horse is a virus programme that sits on the computer without the user coming to know of its existence. “It can then send fake data from your computer. In short, it gives someone complete control of your computer and all communication from it. It can be sent either through an e-mail or by corrupting the operating system,” he said.

The e-mail sent by a terror outfit called the Indian Mujahideen had claimed responsibility for the Ahmedabad blasts and was traced to Haywood’s flat within hours of the attacks. Earlier, the police were also considering the possibility that someone might have hacked into Haywood’s WiFi network to send the e-mail.

In his statement to the police, Haywood has said that a Tata Indicom technician had visited his house over 20 times in connection with his WiFi account, and that he knew Haywood’s password. Haywood has also told the ATS that when he had asked whether he should change the password, the technician specifically asked him not to.

“He has informed us about this technician, and we have recorded the statements of all those concerned. We have to investigate whether the technician asked Haywood not to change his password for some dubious motive,” said Karkare.

Meanwhile, the ATS has collected details of the four cars that were stolen from Navi Mumbai and used in Sunday’s attacks. According to the ATS, a black Wagon R (MH-43R-3569) was stolen from Vashi on July 8. It was later found abandoned in Surat with a changed licence plate – GJ-6CD-3569. Similarly, a red Wagon R (MH-06-8249) that was stolen from Panvel on July 15 was found abandoned in Surat bearing a licence plate GJ-6CD-8249. A silver Maruti 800 (MH-05-H-5764) stolen from Nerul on July 15 was also used in the blast at M G Hospital in Ahmedabad using a licence plate GJ-6CD-5764. The fourth vehicle, a silver Wagon R (MH-06-AF-9719) bearing licence plate GJ-6CD-9817, was used in the Civil Hospital blast.