MUMBAI, India — The terrorists who struck this city last month stunned authorities not only with their use of sophisticated weaponry but also with their comfort with modern technology.
The terrorists navigated across the Arabian Sea to Mumbai from Karachi, Pakistan, with the help of a global positioning system handset. While under way, they communicated using a satellite phone with those in Pakistan believed to have coordinated the attacks. They recognized their targets and knew the most direct routes to reach them in part because they had studied satellite photos from Google Earth.
And, perhaps most significantly, throughout the three-day siege at two luxury hotels and a Jewish center, the Pakistani-based handlers communicated with the attackers using Internet phones that complicate efforts to trace and intercept calls.
Those handlers, who were apparently watching the attacks unfold live on television, were able to inform the attackers of the movement of security forces from news accounts and provide the gunmen with instructions and encouragement, authorities said.
Hasan Gafoor, Mumbai’s police commissioner, said Monday that as once complicated technologies — including global positioning systems and satellite phones — have become simpler to operate, terrorists, like everyone else, have become adept at using them. “Well, whether terrorists or common criminals, they do try to be a step ahead in terms of technology,” he said.
Indian security forces surrounding the buildings were able to monitor the terrorists’ outgoing calls by intercepting their cellphone signals. But Indian police officials said those directing the attacks, who are believed to be from Lashkar-e-Taiba, a militant group based in Pakistan, were using a Voice over Internet Protocol (VoIP) phone service, which has complicated efforts to determine their whereabouts and identities.
VoIP services, in which conversations are carried over the Internet as opposed to conventional phone lines or cellphone towers, are increasingly popular with people looking to save money on long distance and international calls. Many such services, like Skype and Vonage, allow a user to call another VoIP-enabled device anywhere in the world free of charge, or to call a standard telephone or cellphone at a deeply discounted rate.
But the same services are also increasingly popular with criminals and terrorists, a trend that worries some law enforcement and intelligence agencies. “It’s a concern,” said one Indian security official, who spoke anonymously because the investigation was continuing. “It’s not something we have seen before.”
In mid-October, a draft United States Army intelligence report highlighted the growing interest of Islamic militants in using VoIP, noting recent news reports of Taliban insurgents using Skype to communicate. The unclassified report, which examined discussions of emerging technologies on jihadi Web sites, was obtained by the Federation of American Scientists, a Washington-based nonprofit group that monitors the impact of science on national security.
VoIP calls pose an array of difficulties for intelligence and law enforcement services, according to communications experts. “It means the phone-tapping techniques that work for old traditional interception don’t work,” said Matt Blaze, a professor and computer security expert at the University of Pennsylvania.
An agency using conventional tracing techniques to track a call from a land line or cellphone to a VoIP subscriber would be able to get only as far as the switching station that converts the voice call into Internet data, communications experts said. The switch, usually owned and operated by the company providing the VoIP service, could be located thousands of miles from the subscriber.
The subscriber’s phone number would also likely reveal no information about his location. For instance, someone in New York could dial a local phone number but actually be connected via the Internet to a person in Thailand.
In Mumbai, authorities have declined to disclose the names of the VoIP companies whose services the Lashkar-e-Taiba handlers used, but reports in Indian news media have said the calls have been traced to companies in New Jersey and Austria. Yet investigators have said they are convinced that the handlers who directed the attacks were actually sitting somewhere in Pakistan during the calls.
One senior Lashkar-e-Taiba leader who American officials believe may have played a key role in planning the Mumbai attacks is Zarrar Shah. Mr. Shah, known to be a specialist in communications technology, may have been aware of the difficulties in tracing VoIP.
To determine the location of a VoIP caller, an investigating agency has to access a database kept by the service provider. The database logs the unique numerical identifier, known as an Internet Protocol (I.P.) address, of whatever device the subscriber was using to connect to the Internet. This could be a computer equipped with a microphone, a special VoIP phone, or even a cellphone with software that routes calls over the Internet using wireless connections as opposed to cellular signals.
It would then take additional electronic sleuthing to determine where the device was located. The customer’s identity could be obtained from the service provider as well, but might prove fraudulent, experts said.
Getting the I.P. address and then determining its location can take days longer than a standard phone trace, particularly if service providers involved are in a foreign country.
“Ultimately, we can trace them,” said Mr. Gafoor, referring to VoIP calls. “It takes a little longer, but we will trace them.”
Washington is assisting the Indian authorities in obtaining this information, according to another Indian police official who also spoke anonymously because of the continuing investigation.
Further complicating this task is the fact that I.P. addresses change frequently and are less tied to a specific location than phone numbers.
Computer experts said that while these challenges were formidable, none were insurmountable. And they cautioned that security services and police forces might be disingenuous when they complain about terrorists’ use of new technologies, including VoIP.
The experts said that VoIP calls left a far richer data trail for investigators to mine than someone calling from an old-fashioned pay phone. Mr. Blaze, the computer security expert at the University of Pennsylvania, also noted that 15 years ago the Mumbai attackers would probably not have had the capacity to make calls to their handlers during the course of their attacks, depriving investigators of vital clues to their identities. “As one door closes — traditional wire line tapping — all these other doors have opened,” Mr. Blaze said.
December 9, 2008
By JEREMY KAHN
Copyright 2008 The New York Times Company