Warning: Creating default object from empty value in /nfs/c03/h07/mnt/56080/domains/filtercoffee.nationalinterest.in/html/wp-content/themes/canvas/functions/admin-hooks.php on line 160

The Delhi terror trail

Some thoughts on the HuJI & IM emails, and the on-going investigation.

Investigation into the heinous attack on the Delhi High Court that left 11 dead and several injured has begun.  At the center of this investigation are two emails alleged to have been sent by Harkat ul-Jihad al-Islami (HuJI) and, subsequently, by the Indian Mujahideen (IM).

The email alleged to have been sent by HuJI was via Gmail.  Based on this article by DNA, NIA and Delhi Police investigating the terrorist attack traced the email to a cybercafe in Kishtwar, Jammu and Kashmir.  The owner of the cybercafe, Mehmood Khawja and two others are reportedly being questioned.

A couple of important points need to be noted about the ongoing investigation.  First, Gmail is a free, web-based service provided by Google, whose mail servers reside in the U.S.  As such, these mail servers and the data they contain are subject to U.S. law. In the event that the Government of India would need access to any of this information, it would need to make a formal request, justifying its need to access a third party’s data, to Google via the U.S. government 1.  If this has indeed happened and has resulted in India obtaining data pertinent to this email, then it bodes very well for the Indo-US counter-terror cooperation.

This is especially impressive, since Indian investigators were able to gain access to the alleged HuJI mail account within the span of 3 hours (the email was sent 3 hours after the blast and investigators had access to the account’s password 3 hours subsequent to that, as indicated in DNA’s account).  Now, it is entirely also possible that Indian investigators were able to guess the account’s password, but the gut feeling of this blogger is that the explanation provided by NIA and Delhi Police stretches credulity.

Next, Toral Varia, journalist with Rediff has a good comparative analysis of the emails sent by HuJI and IM to ones previously sent by these groups.  The article points out discrepancies in typefacing and format — even spelling (the IM email misspelled mujahideen as “Muzahideen.”) — from threats previously received from these groups.  Therefore, it would appear that these emails were sent by people who may have not had prior knowledge about a pending attack on Delhi High Court.

It must be noted that Indian Mujahideen has sent as many as five emails claiming responsibilities for various attacks. All the emails were drafted with precision using PDF files, various fonts and colours, Urdu script, a proper signature, a well researched list of recipients, and sent minutes after a terror attack was executed. All the mails were signed by ‘Al ARBI.’

Content for the Indian Mujahideen mails was usually written in impeccable English, interspersed with the verses from the holy Koran, a picture of the Gujarat carnage, references to ‘atrocities on Muslims’ amongst other inflammatory literature.

However, one look at both the emails, that have been sent claiming and counter claiming responsibilities for Wednesday’s blast, and the first impression is that the mails have perhaps been sent by an amateur. [Rediff]

At the same time, it is also equally important to not discredit these leads based on prima facie evidence.  Unfortunately, some TV news anchors are dismissing these emails as “prank emails.” It would be dangerous to categorize them as such.  Now, the fact the senders of the HuJI email were traced down as quickly as they apparently were leads us to believe that the senders weren’t very technically adept.

Those who follow the modi operandi of jihadi groups know that the first rule that today’s terrorist learns is cyber cover and concealment.  This might possibly indicate that the senders of the email were either not very well trained, or not directly linked to the perpetrators of the attack.  However, this shouldn’t necessarily mean that these correspondences were “prank emails,” as the entire purpose of the emails might have been to deliberately mislead investigators.

Finally, we must recognize that we must give investigators the time and space to fully and thoroughly investigate the attack. Delhi Police has been (quite fairly) criticized for not learning from the lessons of the past and not taking the necessary precautionary measures to deter the attack.  We also know all too well that not one terror attack in India since 2005 has been resolved.  But at the same time, let’s not play judge, jury and executioner before we’ve given the NIA and DP the opportunity to investigate.  In this regard, the media should take it upon itself to play a more constructive role.

1 Some readers have brought Google’s “User Data Requirements” (LT vinay and @_g0nz0_) to my attention. It would appear that Google has established processes allowing governments to access private user data. Based on the language, it appears to be broad enough to access to email, without the involvement of the U.S. However, both GoI and Google would have to be astonishingly effective were the entire process, from request to receipt, accomplished within the span of 3 hours.

Related posts:

, , , , , , , , ,

15 Responses to The Delhi terror trail

  1. Read "@filter_c: On my blog: The Delhi terror trail: some thoughts on the HuJI & IM emails, and on-going investigation. http://t.co/0uQS7wQ"

  2. @surenmehla September 8, 2011 at 3:08 am #

    RT @aditi_malhotra_: Read "@filter_c: On my blog: The Delhi terror trail: some thoughts on the HuJI & IM emails, and on-going investigation. http://t.co/0uQS7wQ"

  3. Varun Mahajan (@varunm) (@varunm) (@varunm) September 8, 2011 at 10:49 am #

    The Delhi terror trail: http://t.co/XIKXkXo

  4. Adi September 8, 2011 at 11:38 am #

    So what are you trying to say?

  5. @gopimaliwal September 8, 2011 at 11:52 am #

    RT @aditi_malhotra_: Read "@filter_c: On my blog: The Delhi terror trail: some thoughts on the HuJI & IM emails, and on-going investigation. http://t.co/0uQS7wQ"

  6. vinay September 8, 2011 at 12:50 pm #

    A very nice analysis!!

    But let us not flap our wings that US govt is cooperating with us on this. Any govt. Google servers are all over the world and many govts request data from google and they are required to comply in order to operate in a country. See the statistics for last year by indian government. http://goo.gl/VAYDr

    We need to get away from the mentality of watching up to US or UN (nehru set the example) and save our own asses ourselves.

    The operatives are right under our noses and we setup a commision, investigate waste time and money and finally forget.
    Why not arrest all the Fai benefactors and other liberal media/separatist crooks first.

  7. Rohan Joshi (@filter_c) September 8, 2011 at 1:41 pm #

    Blogpost replug: Delhi terror trail: some thoughts on HuJI & IM emails, and on-going investigation. http://t.co/n3jHhZG

  8. Krupakar Manukonda (@Krupakar_m) September 8, 2011 at 1:42 pm #

    RT @filter_c: Blogpost replug: Delhi terror trail: some thoughts on HuJI & IM emails, and on-going investigation. http://t.co/n3jHhZG

  9. Nitin Pai (@Acorn) (@acorn) (@acorn) September 8, 2011 at 1:43 pm #

    RT @filter_c: Blogpost replug: Delhi terror trail: some thoughts on HuJI & IM emails, and on-going investigation. http://t.co/n3jHhZG

  10. Rohan Joshi September 8, 2011 at 2:06 pm #

    @vinay: Thanks for the link. Hadn’t seen that before. Interesting that there was no info on access to Gmail accounts/data in that list.

    If you were to re-read what I’m saying in the blogpost, you’ll see that I say that I’m not certain they did what they’re saying they did.

  11. shivangi tripathi (@_SHIVANGI__) September 8, 2011 at 2:40 pm #

    RT @filter_c: Blogpost replug: Delhi terror trail: some thoughts on HuJI & IM emails, and on-going investigation. http://t.co/n3jHhZG

  12. excellent piece by @filter_c http://t.co/hFHnpnU on HuJI & IM mails soon after the #delhiblast

  13. @bhaaratvasi September 9, 2011 at 4:03 am #

    RT @filter_c: Blogpost replug: Delhi terror trail: some thoughts on HuJI & IM emails, and on-going investigation. http://t.co/n3jHhZG

  14. vinay September 9, 2011 at 5:25 am #

    @rohan in the link, if you click on the user data requests (for exmpl. govt did 1699 user data requests between july-dec 2010)
    These are the requests pertaining to google accounts (can be gmail picasa anything) which govt. wanted info on.

Trackbacks/Pingbacks

  1. Bomb Blast at Delhi High Court, 12 dead, many injured. - Page 12 - September 9, 2011

    […] 227 times Some thoughts on the HuJI & IM emails, and the on-going investigation. Investigation into the heinous attack on the Delhi High Court that left 11 dead and several injured has begun. At the center of this investigation are two emails alleged to have been sent by Harkat ul-Jihad al-Islami (HuJI) and, subsequently, by the Indian Mujahideen (IM). The email alleged to have been sent by HuJI was via Gmail. Based on this article by DNA, NIA and Delhi Police investigating the terrorist attack traced the email to a cybercafe in Kishtwar, Jammu and Kashmir. The owner of the cybercafe, Mehmood Khawja and two others are reportedly being questioned. A couple of important points need to be noted about the ongoing investigation. First, Gmail is a free, web-based service provided by Google, whose mail servers reside in the U.S. As such, these mail servers and the data they contain are subject to U.S. law. In the event that the Government of India would need access to any of this information, it would need to make a formal request, justifying its need to access a third party’s data, to Google via the U.S. government 1. If this has indeed happened and has resulted in India obtaining data pertinent to this email, then it bodes very well for the Indo-US counter-terror cooperation. This is especially impressive, since Indian investigators were able to gain access to the alleged HuJI mail account within the span of 3 hours (the email was sent 3 hours after the blast and investigators had access to the account’s password 3 hours subsequent to that, as indicated in DNA’s account). Now, it is entirely also possible that Indian investigators were able to guess the account’s password, but the gut feeling of this blogger is that the explanation provided by NIA and Delhi Police stretches credulity. Next, Toral Varia, journalist with Rediff has a good comparative analysis of the emails sent by HuJI and IM to ones previously sent by these groups. The article points out discrepancies in typefacing and format — even spelling (the IM email misspelled mujahideen as “Muzahideen.”) — from threats previously received from these groups. Therefore, it would appear that these emails were sent by people who may have not had prior knowledge about a pending attack on Delhi High Court. It must be noted that Indian Mujahideen has sent as many as five emails claiming responsibilities for various attacks. All the emails were drafted with precision using PDF files, various fonts and colours, Urdu script, a proper signature, a well researched list of recipients, and sent minutes after a terror attack was executed. All the mails were signed by ‘Al ARBI.’ Content for the Indian Mujahideen mails was usually written in impeccable English, interspersed with the verses from the holy Koran, a picture of the Gujarat carnage, references to ‘atrocities on Muslims’ amongst other inflammatory literature. However, one look at both the emails, that have been sent claiming and counter claiming responsibilities for Wednesday’s blast, and the first impression is that the mails have perhaps been sent by an amateur. [Rediff] At the same time, it is also equally important to not discredit these leads based on prima facie evidence. Unfortunately, some TV news anchors are dismissing these emails as “prank emails.” It would be dangerous to categorize them as such. Now, the fact the senders of the HuJI email were traced down as quickly as they apparently were leads us to believe that the senders weren’t very technically adept. Those who follow the modi operandi of jihadi groups know that the first rule that today’s terrorist learns is cyber cover and concealment. This might possibly indicate that the senders of the email were either not very well trained, or not directly linked to the perpetrators of the attack. However, this shouldn’t necessarily mean that these correspondences were “prank emails,” as the entire purpose of the emails might have been to deliberately mislead investigators. Finally, we must recognize that we must give investigators the time and space to fully and thoroughly investigate the attack. Delhi Police has been (quite fairly) criticized for not learning from the lessons of the past and not taking the necessary precautionary measures to deter the attack. We also know all too well that not one terror attack in India since 2005 has been resolved. But at the same time, let’s not play judge, jury and executioner before we’ve given the NIA and DP the opportunity to investigate. In this regard, the media should take it upon itself to play a more constructive role. 1 Some readers have brought Google’s “User Data Requirements” (LT vinay and @_g0nz0_) to my attention. It would appear that Google has established processes allowing governments to access private user data. Based on the language, it appears to be broad enough to access to email, without the involvement of the U.S. However, both GoI and Google would have to be astonishingly effective were the entire process, from request to receipt, accomplished within the span of 3 hours. The Delhi terror trail | The Filter Coffee […]

Leave a Reply