Rediff.com« Back to articlePrint this article

VOIP presents new challenge to cyber cops

February 19, 2009 16:56 IST

Terrorists relying on newer technologies like proxy internet servers and Voice over Internet Protocol (VOIP) as indicated by Pakistan's probe into the recent Mumbai attacks pose a new challenge to police investigations, feel cyber experts.
 
"There is so much data communication on the internet at all times that it is very difficult to detect VOIP that is malicious in nature. Even if it is detected, decoding the communication, tracing the locations of the terrorists, monitoring them, etc, is very difficult," says Ankit Fadia, a cyber security expert.
 
VOIP software usually encrypts or encodes the communication, hence making it very difficult for police to decode intercepted calls."Most VOIP software companies like Skype or Google Talk are based outside India. This is a further hindrance to investigation, since it takes a long time to get response from these companies abroad," says Fadia, winner of Indo-American young achiever award.
 
Cyberlaw experts say there are many loopholes that makes it difficult to keep track of terror transactions.
 
"At the time when different countries have come up with distinct legislation they have an impact of Cyber Terrorism, having a single provision on Cyber Terrorism, is not likely to help India in the long run," says Pavan Duggal, a cyber law expert.
 
While adding there is a need for specialised cyber terror courts to be established, Duggal says, "Indian government needs to be complimented for coming up with the detailed provision on Cyber Terrorism which makes it as a penal offence punishable with life imprisonment and fine, he says.
 
Fadia says that Indian police is not very equipped to handle cyber crime investigations. "Although India is the IT capital of the world, in computer security it is far lagging behind. At a recent conference in Delhi, one police official asked me, "yeh internet ki building kidhar hain" (Where is this internet building?).
 
Look at the engineering colleges

across the country. None of them offers any courses on computer security. This is
the primary reason for a lack of experts in India. We need more courses, education and awareness in India," he says.
 
Pakistan in its findings had said that their national Javed Iqbal had acquired VoIP phones from Spain for Mumbai
attackers. And it was the also revealed by the Mumbai police that terrorists used VoIP calling platforms to communicate with their masters on 26/11.
 
"With use of proxy servers and other anonymous softwares and devices, it is possible for any person to use
the VOIP for the purposes of transmitting his terrorist designs and activities, says Duggal.per the Indian Cyberlaw, Section 69 of the Information Technology Act 2000 provides for interception of any electronic communication transmitted through any electronic resource within India.
 
But the interception can only be ordered on the orders of the Controller of Certifying Authorities, which is a
statutory authority under the IT Act.
 
"The Central Government could apply to the CCA and if it is satisfied that the same is necessary in interest of
sovereignty of the country, friendly relations with other nations, or for preventing any incitement to the commission of any offence or contravention of public order, the CCA may direct any interception of any electronic communication passed into any computer resource," Duggal says.
 
Information Technology Amendment Act 2008 has brought in certain amendments under which both the Central and State government could direct interception blocking or monitoring depending on the peculiar facts and circumstances of each case However the same have not yet been notified. "These provisions are yet to be tested in judicial waters," says Duggal.
 
Delhi High Court advocate Vivek Sood says, "There are proxy servers located in places where either the laws are weak or the governments their encourage cyber crimes as a source of prosperity for their people."

Anurag Sharma in New Delhi