NEW DELHI: Going beyond its mandate, the fledgling National Technical Reasearch Organisation had tried to penetrate the user data of American internet service providers, including Google, Yahoo! and Skype, between 2006-2007. Although it failed to crack that the agency routinely accessed servers of some Indian providers like Rediffmail and Sify.
Sources in the security establishment revealed that the NTRO's bid to find surreptitious access to the US service provider giants "continues", though their "competence remains suspect" in the face of the advanced encryption standards employed by Google, Microsoft, Yahoo!, Apple, Skype, Facebook and Twitter among others. The objective of the NTRO, which is not authorized by law to undertake electronics surveillance or signals interception within India, was to access emails, chats and photographs besides login details of users.
Only nine agencies - the Intelligence Bureau, Central Bureau of Investigation, Economic Intelligence Bureau, the Directorate of Revenue, Income Tax Department, Defence Intelligence Agency, Narcotics Control Bureau and the National Investigation Agency - are permitted by law, the Telegraph Act of 1885 and the Information Technology Act of 2008, to covertly perform electronic surveillance, including telephone tapping, over their targets.
Sources recalled that the "exercise to penetrate" US servers of the American ISPs began in 2006-2007, but these attempts by the NTRO failed to produce tangible results. Efforts to breach the servers continue, through other forms like planting a bug, which, in technical parlance is called a " trapdoor". The "trapdoor" is a small computer programme that can potentially "capture" emails and chat conversations before transmitting them to a remote computer. These are also used to surreptitiously access instant messages or chats between users over smartphones.
A controversy that broke out in March this year is a pointer to some of the secret and unlawful means that the NTRO has adopted to break into emails and log details of government employees across several central ministries. Sources said that NTRO officials asked the National Informatics Centre for the log details of government servants. It was then allegedly able to penetrate the NIC's database of employees to snoop on their emails. This covert operation was detected by the NIC which lodged a formal complaint with National Security Adviser Shiv Shankar Menon. An inquiry that followed has yet to pin any responsibility.
A more covert means that the intelligence community has devised to monitor electronic transmission and signals across the country is a mechanism called the Central Monitoring System (CMS), under the Department of Telecommunications (DoT), for which a budgetary allocation of Rs 600 crore, only for infrastructure, has been already been made. The CMS's objective will be to not only obtain metadata - essentially user log details, and no more - but also real time transmission of phone call records from the states to the central facility that is in the process of coming up on the Mehrauli-Gurgaon road.
Previously, a central agency monitoring telephone calls would produce a warrant before the service providers for seeking calls details.
But since 2007, central intelligence and law enforcement authorities effected an amendment to the licensing conditions for service providers. Under the new scheme of things, it will be the service providers' responsibility to deliver contents of suspect telephone conversations at the doorsteps of the agencies performing surveillance operations.
A third method by which the NTRO, the army and intelligence agencies, responsible for domestic intelligence gathering, bypass the law is by clandestinely employing off-the-air interceptors. It is understood that permission from the Union home secretary is not needed, or taken, to operate the off-the-air interceptors, giving the user deniability. The off-the-air interceptors give their users direct access to signals traffic, including telephone conversation and other "chatter."
What is the NTRO?
The agency is mandated to collect intelligence on foreign subjects and its operations are meant to be offshore. It reports directly to the national security adviser.
Source : timesofindia