Hi-tech Mumbai attacks pose forensics problems for intel agencies
December 9, 2008
The barriers to government-authorized communications interception posed by the increasing use of Internet-based communications systems by militants or criminals are nothing new. Intelligence and law enforcement agencies have been struggling with this issue since the late 1990s, when audio-enabled instant messenger services began to rise in popularity. In 2005, a brief report in Time magazine correctly described Internet-based audio communications as a “massive technological blind spot” troubling FBI wiretap experts.
It has now emerged that last month the Pakistani militant group, Lashkar-e-Taiba, used voice-over-Internet-protocol (VOIP) software to communicate with the Mumbai attackers on the ground and direct the large-scale operation in real time. According to Indian intelligence sources, the attackers’ handlers “were apparently watching the attacks unfold live on television [and] were able to inform the attackers of the movement of security forces from news accounts and provide the gunmen with instructions and encouragement”.
The distinguishing feature of VOIP-based communications, which form the technical basis of popular communications software, such as Skype and Vonage, is that audio signals are converted to data and travel through most of the Internet infrastructure in binary, rather than audio, format. Furthermore, they are sometimes encrypted using algorithms of various strengths. Additionally, VOIP data packets often travel through Internet networks looking for unused lines, which may not necessarily be the shortest route to their destination. Consequently, a VOIP source signal from New York to Los Angeles could easily reach its destination through, say, Reykjavik or Bogota. What is more, binary data packets often split, with different parts following different routes to a given destination and only reuniting at a switch close to the end destination.
This poses severe barriers to communications interception, as well as to the ability of law enforcement and intelligence agencies to locate the source of target calls. The Mumbai attacks were a typical example of this, to the extent that, even though Indian intelligence services know that the handlers of the Mumbai attackers were located in Pakistan, their VOIP communications have so far been “traced to companies in New Jersey and Austria”. [IA]