EXCLUSIVE: Tale Of A Fabricated Email, Bollywood Style
Last year, a Swedish hacker released information on Internet showing how sensitive departments of the Indian government and foreign service used Internet equipment and services that allows exchange of information without disclosing the location of the person using the Internet. This proves how the Indian government’s IT managers and security people are firmly involved in this business. Maybe this can help explain how the so-called ‘Deccan Mujahideen’ emailed a claim of responsibility from a Russian email address that was also accessed in Pakistan.
By QAZI AHMED
Wednesday, 10 December 2008.
KARACHI, Pakistan—As if the hilarious propaganda by the Indian media was not enough, the Indian police has come up with some more details about the email in which the so-called Deccan Mujahedeen claimed responsibility for Mumbai attacks.
According to their investigation, the attackers used a Russian-based email address and the email account was later used from a computer in Pakistan to send email and claim responsibility for the attacks.
The investigators also claim that the Hindi email content was not typed but rather dictated using a speech recognition system.
There are literally thousands of unsecured proxy servers on the Internet ( for e.g. http://kproxy.com/) that can be used to relay internet traffic. Such proxy servers are used by internet hackers all over the world to hide information about their actual location. So, for example, a person sitting in India can use a Russian proxy server which would make the email look as if it originated from Russia.
As evident from the attacks, the attackers were trained and very professional. If so, then it seems intriguing that they used their home computers to send an email claiming responsibility for the attacks.
The Indians are known to use unsecured proxy servers and internet ‘anonymizers’ to hide their actual location. Like unprotected proxy servers, there is a free service called Tor, which is a global network built by its users (users share their internet bandwidth for relaying traffic for other users and become a Tor node) to relay encrypted traffic to hide location information and access banned content and websites. Last year a Swedish hacker who was running a TOR anonymizer node posted details of usernames and passwords he gathered by monitoring his Tor node.
Surprisingly, most of the usernames and passwords were of Indian embassies, consulates and different government departments (including Indian Embassies in China, Oman, Germany, Finland, USA, India National Defense Academy and Defence Research & Development Organisation Govt. Of India, Ministry of Defence). This was a solid evidence that Indian officials and their assets in foreign countries use internet anonymizers to hide their location information. We can now easily guess how the email was registered in Russia and later used from Pakistan.
I should add here that it is not possible to find out if someone used special speech recognition software to create an email. This information is never included in the email, which makes the claim of Indian investigators totally baseless. The matter of fact is that since the email was sent in Indian language using “Devnagari script” and had some spelling mistakes, the investigators are of the view that the person dictating the email was unable to read or write Hindi and so he used speech recognition software but couldn’t proofread the text output in Hindi. The question is: Do you really think that people who planned such a professional attack and had access to Indian maps, bank accounts, mobile SIMs and credit cards couldn’t get access to someone to write or even read Hindi?
The Hindi language uses the Devnagri script, which is very complicated when compared to the English language. Here are some interesting facts about writing Hindi with computers. The following also strengthens the theory of an ‘inside job’ in Mumbai attacks:
- The Devnagri script used in Hindi has over 40 basic characters, and some 12 modifiers to the characters that are represented above or below the basic characters
- There are many keyboards available for the Devnagri script, but a user has to press a combination of keys to input one character of the script
- HP India has designed a “gesture keyboard” which uses a combination of keyboard presses and gestures to handle Hindi. The touch-pad only has the basic characters of the Devnagri script
- IBM recently developed a Desktop Hindi Speech Recognition technology, which is still in its infancy and is being tested at the Centre for Development of Advanced Computing, India
So a person needs to have an above-average Hindi reading and writing skills in order to use any of the above mentioned possibilities. With all of this information combined, we can clearly say that the email was fabricated by the Indians and they added speech recognition to add spice to the story and make it look like some Hollywood high tech movie. Albeit, it still has distinct spice of Bollywood.
Qazi Ahmed is an Information Security Consultant specializing in cybercrime investigations, cyberwarfare and protection techniques. PakCERT (http://www.pakcert.org/) is his brainchild and he can be reached at qa AT pakcert.org