Government to sniff your emails

Written By Mayank Tewari

MUMBAI: Here’s how the Indian government plans to track suspected terror emails in real time: It’s going to sniff or read your messages.

Sniffing, in technical terms, means capturing data being transmitted on a network to identify its origin and destination and, if needed, see its contents. Sniffer programmes are commonly used by internet service providers (ISPs) to detect bottlenecks and problems for regulating internet traffic.

Senior officials in New Delhi who are acquainted with the government’s response to internet-based terrorism told DNA that effective mechanisms have been put in place to sniff and monitor the domestic internet traffic at various points for suspected terror emails and other communication.

Email tracking is the buzzword in cyber intelligence circles.

“We have unofficial estimates that every day nearly 25,000 new email IDs are created by users accessing only one of the major e-mail networks. We also suspect that terror IDs are created specifically for sending out an email. In this context, sniffing mail servers can help us track down these suspected IDs even as they are being created,” said an official familiar with the government’s policy on cyber terrorism.

The intelligence agencies have been monitoring the international internet traffic originating and ending in India for the last two years. “The security agencies have installed hardware at three major international gateways that sniff the internet traffic leaving India and coming into the country,” the senior official said.

However, with more and more evidence of home-grown terrorists using domestic networks for communication, the intelligence community has been making noises about deploying the sniffing technology at the local ISP level.

Sources have told DNA that this internet monitoring has been “more or less” accomplished with the top five internet service providers in the country. Every email, chat or data transfer across India can be tracked and, if needed, read in this fashion.

“The tracking is done using a technology called deep packet inspection (see box). This is an expensive technology which requires hardware costing a couple of crore rupees. Installing the hardware at all of the 150-odd ISPs in the country was a very expensive idea,” the official said.

To work its way around the problem, the ministry of telecom, information technology and representatives of intelligence agencies came up with a solution at a high-level meeting a year ago.

“It was decided that instead of monitoring the internet at 150 ISPs, we could manage by monitoring the internet at five or six major ISPs in the country as most of the domestic internet traffic almost always passes through their networks,” said Rajesh Charia, president of the ISPs’ association of India.

Deep packet inspection is a controversial internet monitoring tool. Explaining how the system works, a senior official in the cyber intelligence apparatus told DNA: “The technology is deployed at the level of the internet service provider. The technology is able to sniff packets of data passing through the network.”

“The technology is controversial because while it helps monitor traffic for national security purposes, it also gives a lot of power to the ISP to analyse its internet traffic and give priority to one kind of data transfer over others. For instance, if an ISP discovers using deep packet inspection that during the day most of the data packets passing through its networks are videos and audio files due to which its own corporate customers’ traffic is getting slowed down, the ISP may slow down the video and audio traffic to give priority to the data of its prime customers,” the official said.

But there is nothing so top secret about the technology. Murali Talasila, head of cyber forensics at KPMG consulting, told DNA that the corporate sector is deploying high-tech cyber forensic tools that control and monitor every kind of internet traffic on their networks.

“The technology is not all that new and is widely available. Many Intellectual Property Rights sensitive industries like automobile design houses and pharma companies are the traditional consumers of such technology,” he said.