Internal Security Thread

News and Discussions about politics, current affairs, international relations, economy, elections, state level politics etc.
This forum is strictly moderated.
jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Mon Oct 30, 2017 6:00 am

End of winter season usually is busy for stone pelters. Money starts to flow in

jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Thu Nov 02, 2017 10:43 am

Image
Concern for Security Agencies as Picture of South Kashmir’s Top Militant Sameer Tiger goes viral with #US made M4 AR-15 Rifle

sum
BGR Newbie
Posts: 29
Joined: Mon Oct 02, 2017 4:48 am

Re: Internal Security Thread

Post by sum » Thu Nov 02, 2017 2:07 pm

Usually whenever such a pic appears, it means countdown for 72 has started

jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Thu Nov 02, 2017 4:41 pm

Another picture from Twitter
Image

jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Sun Nov 05, 2017 6:50 am

Manu Pubby @manupubby

Intrusion bid foiled by Army at 0330 hours. Three armed intruders spotted 200 m towards own side of Line of Control in Uri, two killed.

jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Tue Nov 07, 2017 1:34 pm

Jaish Chief Maulana Masood Azhar’s nephew Talha Rasheed killed in the Pulwama encounter with security forces a few hours ago.

https://mobile.twitter.com/AdityaRajKau ... 8009101312

jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Wed Nov 08, 2017 7:44 am

Image

American rifles recovered from terrorists in Pulwama

jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Sat Nov 18, 2017 12:44 pm

Image
#MisinformationCampaign. A fake letter masquerading to be of Indian Army being circulated in WhatsApp. Request guard against such misinformation against #IndianArmy & inform #ADGPI for pro-active action.
https://twitter.com/adgpi/status/931857505696718848

jamwal
BGR Member
Posts: 351
Joined: Sun Oct 01, 2017 7:31 pm

Re: Internal Security Thread

Post by jamwal » Tue Nov 21, 2017 7:26 am

Image

chetak
BGR Oldie
Posts: 868
Joined: Mon Oct 02, 2017 5:08 am

Re: Internal Security Thread

Post by chetak » Sun Feb 11, 2018 6:46 am

And this little b@$**** could not be encountered??

Are we serious or what??


Srinagar attack: Who is Abu Hanzala and why him being on the run is ‘very bad news’

Vicky Nanjappa, February 7, 2018

There was more desperation rather than daredevilry in the Srinagar attack which took place today. Terrorists helped a Pakistani terrorist escape after snatching away a rifle and shooting at the police. The terrorist in question is Abu Hanzala, a close aide of Abu Dujana, the commander of the Lashkar-e-Tayiba who was killed in an encounter last year. Dujana was replaced with Abu Ismail, but he bit the bullet as well. Intelligence Bureau officials say that the escape bid was a plan to get the Lashkar-e-Tayiba a commander in Kashmir. Hanzala is an important player in the Lashkar-e-Tayiba.

He was arrested a few years back from South Kashmir in a joint operation by the Rashtriya Rifles and CRPF. Hailing from Pakistan, he is the son of a driver who worked in the Pakistan Army. He studied at the madrasas that were run by the Jamaat-ud-Dawa, the financial arm of the Lashkar-e-Tayiba. He had entered India in 2012 through Keran in North Kashmir.

A resident of Multan, he joined a group of 21 terrorists in Kashmir before moving to the southern part of the state. His first big strike in Kashmir came when he killed a police officer at Pulwama in May 2013. He also led a group of terrorists which attacked an Army camp and police patrol parties at Tral, Kulgam and Shopian. He had risen up the ranks in the Lashkar-e-Tayiba and had he not been arrested he would have succeeded Dujana instead of Ismail, the mastermind of the Amarnath Yatra attack. Investigations being conducted into the Srinagar attack suggest that it was a pre-planned one and aimed only at freeing Hanzala.

The Lashkar-e-Tayiba is in desperate need of a leader in Kashmir and with its commanders getting killed back to back, Hanzala was their answer. Hanzala is known to be a lethal terrorist who carries out big attacks. His primary targets have been the Indian Army and the police. He trained at the Borevalla Sahiwala camp in Multan and became a hardened terrorist before being launched into Kashmir. He is known to carry out sensational attacks and the last one he undertook before his arrest was the shooting inside the Pulwama court complex in 2014.

chetak
BGR Oldie
Posts: 868
Joined: Mon Oct 02, 2017 5:08 am

Re: Internal Security Thread

Post by chetak » Sun Apr 22, 2018 4:46 am

x posted from the political thread
Aditya Raj Kaul @AdityaRajKaul

Former Maharashtra ATS Inspector Mehboob says RDX was planted on Lt. Col. Purohit by Police and system. Says, top IPS officers of the state and politicians of Congress from state and centre involved in fixing Army officer. Massive newsbreak on @Republic TV. #PurohitWasFixed

7:40 AM - 20 Apr 2018 from Noida, India

chetak
BGR Oldie
Posts: 868
Joined: Mon Oct 02, 2017 5:08 am

Re: Internal Security Thread

Post by chetak » Sun Sep 16, 2018 6:07 am

Should not the Aadhaar database have a record of the IP address from where the two paki gentlemen were registered for Aadhaar??


Two Pakistani militants dead, Aadhaar cards found: Jammu and Kashmir Police

Ali alias Athar was a top Jaish commander involved in the IED blast in Sopore on January 6 in which four policemen were killed, police said.

Srinagar, September 14, 2018.

Two Jaish-e-Mohammad (JeM) militants were killed in an encounter in north Kashmir’s Sopore town on Thursday, police said. While two Aadhaar cards have been recovered from the militants, police said that they were foreigners.

“From the incriminating material recovered from the encounter site, the killed terrorists have been identified as foreigners namely Ali alias Athar and Zia-ur-Rehman,” police said. “They were affiliated to proscribed terror outfit JeM.”

Ali was a top Jaish commander who was behind the IED blast in Sopore on January 6 in which four policemen were killed, police said. Both militants were involved in attacks on security establishments, police said.

On Wednesday night, a joint team of J-K Police, Army and paramilitary forces cordoned off the Teliyan neighbourhood of Sopore town after receiving specific inputs about the presence of militants.

As the joint team zeroed in on the target house on Thursday, militants opened fire and tried to break the security cordon. The joint team retaliated, triggering an encounter in which both the trapped militants were killed.

According to the Aadhaar cards recovered from the militants, the two were residents of Kupwara, identified as Sahil Ahmad Dar and Mohd Yaseen, police said, adding that they are trying to ascertain how the Aadhaar cards were procured.

While Sopore town is seen as a militant stronghold, Thursday’s encounter was the first in the town in over four years.

chetak
BGR Oldie
Posts: 868
Joined: Mon Oct 02, 2017 5:08 am

Re: Internal Security Thread

Post by chetak » Sun Sep 16, 2018 2:40 pm

Who were the developers of the Aadhaar software??

Don't they have any responsibility for these and other security breaches??


A $35 patch reportedly let anyone in the world generate India’s Aadhaar IDs

Over the past few years, India’s Aadhaar system – which grants citizens a unique ID and access to government services – has come under fire for overshooting its prescribed applications and lack of data security. It’s not out of the woods yet, as Huffington Post India reports that it’s discovered a software patch that could have compromised the software used to enrol Aadhaar users and allow anyone in the world to register an ID.

That’s worrying, because people rely on their Aadhaar IDs to receive services and benefits like subsidized rations, pensions, and scholarships. Fake IDs can allow people to scam the system and score these benefits, while placing an additional strain on government funds and machinery.


Aadhaar Hack Existed From 2016, Confirms Expert Who Reviewed Patch
Dilemma – This is the one word that every cyber crime reporter and researcher faces when they come across a cyber crime. The dilemma exists because of various reasons:

Is an initial tip-off even credible enough to investigate?
Can the investigation be done in a manner that does not lead one to actually perform the crime?
Can we gather credible evidence through investigations?
Is the evidence gathering process itself legal?
Were the authorities notified about a cyber crime, so that they can initiate remedial measures, to address the issue?

The Huffington Post investigation into the cracked ECMP software is a cyber crime report and hence faced all these dilemmas, before it was eventually published. That it took three months and more from the initial tip-off is primarily because of these dilemmas. As a security researcher who worked with them during the investigation (July - September 2018), I am duty-bound to explain to readers how I worked through these dilemmas, as my involvement in Aadhaar pre-dates the HuffPost investigation.

The primary motivation for my involvement in the ECMP software hack is that ideologically, on national security, I am a hawk and my personal opinions on all other things are irrelevant. I have also made several public offers (here and here) to engage with UIDAI pro-bono, which were not responded to.

Initial Tip-Off
The first tip-off that the cracked ECMP software exists, was not a tip-off in the classical sense. It is a full-fledged investigation done by the UP Special Task force (STF), into a crime gang that specialised in creating fake Aadhaar cards. Media reports of the investigation, dated exactly one year before, have claimed the “gang hacked secure source code” and claimed that this would not have been possible without the “collusion of one or more UIDAI officials”.

Now, “collusion of one or more UIDAI officials” was a very serious charge coming from the Special Task force. No media outlet even followed it up – the story was never investigated further and died.

The collusion angle, however, piqued my interest. A Google search of all media reports pointed to evidence that the “hacked software” was available for limited use, as early as Feb 2016, a full year and a half before the UP STF caught the gang.

So what is the patch? What did it do? Who made it? These are questions that have not been fully answered and it is important that these came out in the public domain.

Observer
Our next breakthrough came around May 2018, when Asia Times obtained access into the WhatsApp groups of enrolment operators who were sold the cracked ECMP software because of a whistleblower. The Asia Times story was a breakthrough because it taught us where to look. It was also very similar to the UP STF story:

There was a cracked software.
It was used to bypass security measures.
It was widely used.

The last point about it being “widely used” was crucial because if it was widely used by operators who have no technical expertise, then there has to be a training program. That is when Asia Times’ South Asia editor, Saikat Datta and I had a brain wave. It has to be on YouTube, because the platform is quite popular in India.

So we did a simple Google search again, and found hundreds of training videos on YouTube, which explained how to use the crack. One video, however, was pretty good. It showed us the step-by-step lowdown on how the crack worked.

From a security researcher’s point of view, trying to understand how the crime was committed, this can’t get any better. It is a confession, recorded live and uploaded to a public channel and has not been taken down yet. However, a confession is still not good enough evidence.

Saikat and I needed the patch to do a forensic analysis, but we did not have it.

The UIDAI, however, issued its traditional denial, which in a way confirmed that we were on the right track – but neither of us could go any further.

Provable Evidence
When an anonymous whistleblower sent the patch to HuffPost, they sent a copy to me because of my previous involvement in reporting these issues as a security researcher. The patch is a ZIP file and constitutes evidence similar to finding a hair, nail or a fingerprint at a crime scene. It had to be corroborated with other evidence that I already knew of, such as:

The YouTube Videos
Various Police FIRs filed on fake Aadhaar scams
On-ground confirmation that it works

Forensic analysis of the patch was easy work (40 hours is easy work in security research) because it involved decompilation and reading through the Java source code. For non-technical readers, the enrolment software is written in the Java programming language and the generated bytecode should at least have been obfuscated. That UIDAI chose not to do this is simply baffling, as it made the patch-maker’s job easy.

It also made my life easy, because I can decompile the patch and read through its source code as well. To put it simply, that the top secret source code that UP Police reported was inaccessible to anyone but UIDAI, is an inaccurate claim. Anyone who could download the enrolment software, can decompile it and read through the source code. (Yes, it is that bad)

Analysing the patch, I came to the conclusions that were reported in the HuffPost story. The conclusions were disturbing enough to reach out to National Critical Information Infrastructure Protection Centre (NCIIPC). A bit about the NCIIPC is important for readers to understand. NCIIPC is the legally appointed nodal agency for all cyber-security issues related to sectors designated as critical.

A vulnerability in any software is a bug. For reporting it, there are standard procedures and a format, called a bug report. NCIIPC has always been responsive to security researchers filing bug reports and usually acknowledges the receipt of the bug report almost instantly. They take it up internally with the organisation that is responsible and drive it to closure, which takes time.

However, from a security researcher’s point of view, there is no further need to follow up with NCIIPC once an acknowledgement of receipt is received, since they have a good reputation of taking it up with the concerned organisation internally.

Coming back to the patch, once the issue was reported to NCIIPC and they acknowledged the receipt of the bug report, there is not much a security researcher can do but wait for it to get resolved by the UIDAI.

Peer Reviews
From HuffPost’s point of view, one researcher’s analysis is not sufficient. It needs to be peer-reviewed and vetted by other security researchers to withstand scrutiny. So they reached out to others with the patch, who came to the same conclusions that I did, which was further corroborated by Police FIRs, YouTube Videos and also on-ground checks with enrolment operators. These operators confirmed to them that the patch still works a day before the report came out.

That the patch still worked a day before the report came out is the most disturbing part of the story.

Software hacks happen all the time and responsible organisations ensure that they get fixed once issues are reported through other, safer back-channels. It is evident that so far, UIDAI has not acted responsibly.

February 2016 was the first media report that pointed out the issue.
September 2017 was when the FIR by UP STF was filed.
September 2018 was when HuffPost reported the issue.

For two years, UIDAI did nothing, in spite of overwhelming evidence that the use of the software patch had grown exponentially. Instead, they tried to keep a lid on the problem and nothing else.

The Way Forward

I started with the dilemmas that researchers face while investigating cyber crime, and would like to analyse the HuffPost story too along those lines.

Was the initial tip-off credible?

Yes, as it came from the UP Police itself.

Did we actually commit any crime, during the investigation?

No. The YouTube Videos that Saikat and I found were confessions uploaded in the public domain. We were observers, not participants.

Was the evidence credible enough?

Yes. The patch was analysed and the conclusions were corroborated by multiple security researchers. Further, we also have FIRs filed by police officers in other states, YouTube Videos, and statements from enrolment operators.

Is the evidence gathering process legal?

Yes it is. Neither I nor HuffPost reporters did a fake enrolment that resulted in the generation of an Aadhaar number. The patch was sent to HuffPost via an anonymous whistleblower, as far as I am aware.

Were the authorities notified about the crime?

Yes they were. Multiple emails were sent to UIDAI over time, as early as May 2018. Further, UIDAI officials themselves were involved in some of the investigations done by the local enforcement agencies. So they were more than aware of the issue, for quite some time.

Cyber crime is a hard topic to even write about in long form for non-technical readers. A clever snark on Twitter or a sound bite on TV might be an attractive option to get eyeballs, but does not help much in the long term. Given the explosion of I-T, cyber is the most urgent policy problem of our times.

As far as I am aware, the only agency that has proven capability to do this and also has constitutional backing is NCIIPC. While the UIDAI may be the problem child that gets everyone’s attention by throwing temper tantrums, NCIIPC may yet become the quiet achiever, if given the right backing.

(Anand Venkatanarayanan is a Bengaluru-based cyber security analyst and software developer.)

First Published: 12.09.18

Sachin
BGR Oldie
Posts: 539
Joined: Mon Oct 02, 2017 3:25 pm

Re: Internal Security Thread

Post by Sachin » Sun Sep 16, 2018 5:06 pm

Huffington Post & their love towards India is well known. I have not gone through the details, but here are a few official press releases from UIDAI. PS: I expect more such stories to come up, because there are a number of Aadhaar/UIDAI related cases now pending final hearing at Hon. SC.