Cyber Cafe Monitoring - Mumbai Police

Friday, August 31, 2007

Are we just plain stupid? Mumbai Police is planning to install Key loggers and monitoring software which will send out information about Emails, Chat, Websites visited, IM logs, take screen shot at a regular interval and send it to a server, I cant think of such a big foolishness as this, Notorious or buddy hackers in the neighborhood have already installed key loggers and all sorts of crap on those cyber cafe pc's and thanks to users spyware also has a safe home there, AND now another surveillance utility developed by Micro Technologies called CARMS (Cyber Access Remote Monitoring System), a powerful monitoring tool that seeks to curb cyber crime.

I have some thoughts:

  1. Are the terrorists operating only from Cyber Cafe's ?
I can accept that other small crimes like cyber stalking, harassing are done from cyber cafe's but for terrorists I dont think anybody can stop them from buying satellite internet service from Reliance, TATA or just use GSM cell phones to connect online, use encryption and communicate. was America successful in breaking the internet communication channel for terrorists ?

2. Encryption and Wiping Tools

All terrorists that are caught and their belonging seized have encryption and wiping tools available and installed on their PC's. Are they fools to type "Lets bomb blah blah tomorrow at 1.00PM" ?

3. Linux Live

Has Mumbai Police heard of Knoppix, I can just reboot the Windows running PC with a linux live CD which runs the complete operating system off cd drive, it loads everything in RAM, and as we know RAM is volatile it holds data only till the power is on, once its off the data is lost.

4. USB drives

Operating system and Applications can be booted and ran off USB drive also. If you the best encryption tools, Stenograpy tools are anyways Portable which means they can be copied to usb drives and can be used no need to install them.
5. Stenography

If a terrorist comes and sends an email with images to somebody from the cyber cafe with that monitoring system installed with a title amusement park or just uploads them to flickr or picasaweb with public viewing rights and which has a small girl playing on rides etc. The smart part here is he has already done stenography with those images, the message is embedded, the damage is done, and stenography is not limited to images, it can be done with audio video and everything under the SUN.

6. Cyber Cafe plans on the HDD.

A smart terrorist can just bring a complete package files save it on the HardDrive, and bind a emailing tool with firefox.exe and now when the next person comes in the is in trouble. But when binding the exe he will have very little time because thanks to CARMS every 5 seconds or so a screen shot will be taken so need to be fast.

Now I think i am a little pissed of by the decision and going mad and writing all the tricks to bypass the CARMS system. But i can assure that breaking CARMS wont take anytime its just that you can putting more burden on people, your people, end users.

I just think its a stupid idea.

-- Anish


Anonymous said...

govt. cannot breach privacy of people for the idea of a stupid person. see what bush has done to america, the mumbai police wants to spoil the internet party, they are crazy and i agree with you

Anonymous said...

Anish, agree with you on this one.. The navi mumbai incident of email. the person used unsecured wifi connection at 15th floor.... How does that figure in whole context of things...... now go and install the keylogger on his laptop.

Ani said...

I agree, What has happened is bad and instead we have already known that Terrorists have been using internet as a medium to do all sorts of nasty stuff (America is a solid proof), But just installing keyloggers in cybercafe's is not an ideal solution, there will be lot of personal stuff that should not be shared with others specially ladies. instead a CCTV monitor can do wonders in cybercafe's with normal authentication like PAN card etc.

But one thing that is alarming is Unsecured Wifi is becoming very common in India and it should be noted that ISP's should take the responsibility to install the WPA key on modem/routers and not use unsecured Wifi or WEP because both are very unsecure and WEP is quite easy to crack. Strong WPA should be used and many more measures need to taken by Govt. to discourage the abuse on the internet. It should not be strict only for terrorists but also for hackers and mischief mongers.

Very strict and major revisions need to done in the IT Law also.


  © Blogger templates Newspaper by 2008

Back to TOP