The Delhi Police say it had alerted hotels to enhance security after serial blasts last year. Cyber crime experts say communications sent through such connections are almost impossible to trace
The Delhi Police say it had alerted hotels to enhance security after serial blasts last year. Cyber crime experts say communications sent through such connections are almost impossible to trace
December 22, 2009, Monday 4.17 PM: MiD DAY, Delhi editor receives an e-mail from Indian Mujahideen (IM), saying that serial blasts are going to rock some five-star hotels at Connaught Place (CP) and Nehru Place within an hour. The mail further reads that the terror outfit's jihad against India continues.
The e-mail was actually sent by MiD DAY correspondents through an unsecured WiFi connection at the five-star hotel, The Grand, in south Delhi. It was no prank played on the editor but an eye-opener about the lax state of security at the city hotels. It was not very far ago that Indian Mujahideen shot similar mails from similar networks from across Mumbai. It seems that the security agencies, while securing other things, have again forgotten the threat from the virtual world.
|
|
|
|
Security check: The pop-up on the MiD DAY correspondent's laptop (above) showing the unsecured WiFi connection at The Grand and (below) the two journalists sending out e-mails from the hotelu00a0pics/MiD-DAY |
Prized targets
"Post 26/11 it has become clear that hotels can maximise the impact of a terror strike and thus are the new targets for militants. Interrogations into the David Headley saga has also revealed how such hotels have become favourite destinations for terror masterminds where they can stay and plan terror strikes. Unsecured WiFi connections only facilitate their evil designs," a senior Intelligence Bureau official said, requesting anonymity.
Surprisingly, The Grand is not the only hotel in the capital which provides an open WiFi network. While most of the five -star hotels have secured their networks after the Delhi Police advisory to this effect, there are some which do not ask for an identity verification from people accessing their WiFi networks.
Cops say
The Delhi Police said all starred hotels in the city have already been asked to augment security and secure their WiFi connections after the serial blasts in the capital in 2008. "Five-star hotels are expected to understand and address this issue. We have informed all the hotels in the capital and most of them are adhering to the norms. They have been informed about the possible misuse of the network and were asked to maintain data of the WiFi users," said Delhi Police PRO Rajan Bhagat.
Bhagat said that though there are no penal provisions for those not conforming to the rules but "it is part of their basic business responsibility".u00a0
What others do
Reacting to the faux pas by The Grand, Hemant Khattar, General Manager, IT of The Lalit said: "We have invested more than Rs 90 lakh to secure our cyber infrastructure. We have CCTV cameras in place to monitor people using WiFi in the lobby and coffee shops. Post Mumbai attacks we have put in stringent checks at our business centres which provide WiFi coupons to guests to rule out any misuse of the system."
He added that most hotels in Delhi have invested hugely to ensure that no unauthorised person gets into their network.
Untraceable
Cyber security expert Rajat Khare was shocked to hear that The Grand's WiFi network is unsecured. He said even if one rules out the possibility of a terrorist using the connection, any cyber fraud can exploit it to launch spam attacks and send malicious files or codes. "The problem with such communications is that they are almost impossible to trace," he said.
Himanshu Tiwari, a cyber crime expert, explained. "When most of the wireless devices are installed they are kept on default mode which means it gives free access. If a mail is sent from such a network it will show the Media Access Control address (MAC address) of the router or modem not the computer through which the mail is sent. Therefore, the mail sent from The Grand's WiFi would be traced to the hotel's IP address and not the actual computer used to send it." Despite repeated communications, representatives from The Grand did not react to the development.
| What's Indian Mujahideen? |
|
Investigators believe that Indian Mujahideen is one of many groups composed of lower-tier SIMI members. According to the Intelligence Bureau, SIMI took new titles because its top leadership have been detained.
Attacks that they claimed:
The e-mails sent by Indian Mujahideen claimed they were responsible for the following terror incidents. One warning e-mail was received 5 minutes before the first blast in Ahmedabad. Another was received soon after the first blast during the Delhi bombings. The timing makes it impossible for any other groups to have sent the two mails.
23 November, 2007: Uttar Pradesh serial blasts
13 May, 2008: Jaipur bombings
25 July, 2008: Bangalore serial blasts
26 July, 2008: Ahmedabad serial blasts
13 September, 2008: Delhi serial blasts |
