IPS officer Aditya Mishra, speaking at the International Conference on Mobile Law in Delhi, explained how Internet Telephony is a cause for concern for security agencies, given that it is extremely difficult to trace the source of the calls, even though IP allows for recovery of all call related information, including call recordings.
During his talk at the conference, Mishra said that the terrorists involved in the attacks used a VoIP based service called Callphonex, based out of New Jersey, USA. Callphonex got an email from a mail id, email@example.com on 21st October 2008, from Kharak Singh from India, for starting a VoIP account. “To activate this Callphonex VoIP account, an initial payment of $250 was made by a Mohammaed Isfaq through a Lahore based agent, through MoneyGram. A Virtual number 0012012531824 was allotted by Callphonex, and it is the property of a Voxbone, a Belgian company, and was leased out to Callphonex, and a request was changed for allottment for 5 DID numbers (Direct Inward Dialers).” The calls are supposed to be coming for the virual US number, but they go to the five Austrian DID numbers, which are all virtual numbers, albeit mobile numbers.
“Many of the calls being monitored going in and out of the Taj Mahal Hotel were from this virtual number, by the Pakistani handlers to give an impression that calls were being made from the US, and not Pakistan. During the 58 hour siege of Mumbai, which led to over 180 people being killed, a total of 284 calls, running into 995 minutes were made by terrortsis using mobile phones from Taj Mahal Hotel, Oberoi, Trident and Nariman House to their handlers in Pakistan on this virtual number. During the attack, they were using Indian cell phone numbers that they had managed to get beforehand. These numbers received calls from the virtual number, and they made calls to the Austrian numbers. Later investigation revealed that over 150 test calls had already been made between November 24th and 26th, before the attack, and they had already practiced this. But they realized they (the account) was running out of money, so on November 25th, a second payment of 229 Euros was sent to Callphonex, from Western Union Money Transfer location called Madina Trading in Italy. The money senders name was Javed Iqbal, holding a Pakistani passport. This payment was communicated to Callphonex was communicated by Kharak Singh via his email address. On November 25th, two employees of Madina Trading company in the Northern Italian town of Gracia, 60 year old Mohammed Yakub and his son were managing the company, sent the money Callphonex using a stolen identity. The funds were transferred under the identity of another Pakistani who had never been to Italy, and was not involved with the attacks.”
In case of an IP Network, Mishra explained, the IP Routing Logic is still managed by a service provider. Calls form the computer and the mobile phones are routed through the IP Network, and then from some server, somewhere in the world, it gets pushed to the ISD network.
“The interface could be anywhere in the world. The Belgian company could find a Brazillian server very cheap, or some African country where the ISD rates are very cheap. The laws across all these countries are very different. The thing that is worrying all of us is that while in GSM you have a standard protocol, behind that you have at least 20 fields of information that are carried with the call, in internet telephony, there is no standard protocol because its developed on the Internet, and the Internet doesn’t want any control. How and where the Internet call is pushed to the cellphone network, is not known. What happens is that there is just no legal framework, and what number would come here is not unknown to you.”
Mishra offered to demonstrate this by morphing a call, to showcase how using the Internet, a person in any corner of the world, can manipulate your numbers and calls. He called for a balance between security and simplicity, saying that the idea is not to make the process burdensome.
However, Internet Telephony has its advantages too: “If the same thing had happened over the GSM network, we may not have been able to get all the data, but and thanks to the so called co-operation we had, and the Internet telephony, all the data and the conversations were completely recovered, which may not have been possible with a GSM network. Every bit of conversation – how the handlers were also watching TV, telling the terrorists where to go, with a running commentary. The Internet gives the agency more access to data, and maneuverability, which obviously should be accessed in a discreet manner. But, my appeal is that if you make the process simple for the consumer, it will go through. But you need a strong protocol of technology, so when we do want to access that, it is easy for the agencies.”