Tuesday, January 20, 2009

Mumbai attacks – lessons for information security




The Mumbai attacks are, among other things, a lesson to all of us on the importance of protecting the use of technology and information. The technologies used by the terrorists before and during the attacks include:

1. GPS devices – For steering the sea vehicle as they approached Mumbai. None of the terrorists is known to have had formal training in seafaring, but they were still able to travel from Karachi to Mumbai.
2. Satellite phones – For use at sea as well as in Mumbai in case local phone networks were jammed.
3. Internet-enabled cell phones with switchable SIM cards – To monitor media and stay in touch with their management, and also to monitor police response and activities.
4. Anonymous email services – To communicate with media using a “remailer” service, which prevents the email source from being traced.
5. VoIP numbers – For communication during the siege, so that the local networks were not able to tap into the conversation.

The scary part is that most of the above technologies (with the possible exception of satellite phones, which can themselves be ordered from the internet for as low as $25 per week) are fairly easily available. Even remailer services are easily accessible on the internet.

Besides technology, the terrorists also demonstrated innovative gathering and use of the information required to conduct an operation of this scale. It is now confirmed that the terrorists had high-resolution satellite images of Mumbai (available freely on the internet), which would have been used to familiarize themselves with Mumbai's streets before coming. They also appeared to have fairly detailed knowledge of the internal layout of the target locations. This information could have been obtained from their accomplices, who are rumored to have stayed at the Taj and Oberoi Trident for a few days ahead of the carnage. It looks unlikely, however, that such a big operation would be put at risk by having people roam around the hotels collecting information. Given the method and precision used, the possibility that the terrorists had detailed drawings of the Taj and Oberoi Trident cannot be ruled out. The few places where these drawings are available are within the hotel itself and with public authorities (as for which authorities, the fire brigade department and BMC are obvious choices).

It appears that it might not actually be too difficult a task to gather the above information: Google Earth is a free service, and getting the internal layout of these buildings from one of the many places where it is available appears easy, since no formal information security policy is implemented for these departments.

Some of the measures that our public offices must take to prevent the use of technology for terrorism are:

1. Preventing Google Earth and similar services from displaying high-resolution images of the Coastal Regulatory Zone (CRZ) as well as other sensitive areas.
2. Ensuring that copies of layout drawings of public buildings are stored digitally and under high security, and that even if the drawings are released to anybody, the usage of the information is restricted.
3. Having stricter identity norms for users of public services like mobile and financial services.

See also: Wikipedia

1 comments:

Anonymous Email said...

Hmmm, interesting post on information security. It's tough to have a completely secure network or environment. The Mumbai attacks should be a wake-up call for everyone.
