India has taken measures to ensure that the mails of politicians and government officials are not snooped on. While this is one major threat that the government had to deal with, the next problem that needs to be dealt with is spoofing.
Recent reports showed that the ISI had picked up information regarding Indian army postings in Rajasthan and Jammu and Kashmir. The ISI deployed a technique known as spoofing, through which it gathers vital and sensitive information.
What is a spoofing attack?
In basic terms, a spoofing attack is when a person masquerades as another by falsifying data to gain an illegitimate advantage. While there are many ways to spoof, the most popular have been caller ID and GPS spoofing.
Voice over Internet Protocol (VoIP) allows a caller to forge the caller ID information and present false names and numbers. Most of the time the spoofed calls emerge from another country.
The most popular way to spoof is called GPS spoofing. In this method the attacker deceives a GPS receiver by broadcasting fake GPS signals which resemble the normal GPS signal.
The signals are modified to cause the receiver to estimate its position to be somewhere other than where it actually is.
India's spoofing problem:
We have seen various instances where the ISI and other spy agencies have used spoofing against India. During the 26/11 attack, the Lashkar, with the assistance of the ISI, had used satellite phones as a main mode of communication.
India had accused Pakistan of spoofing the signals of the satellite phones being used by the terrorists, which in turn made it look as though the calls were not coming out of Pakistan.
These communications, which are carried out by spoofing the GPS signals, are extremely difficult to trace. Most of the time it would appear as though the calls are emerging out of one's backyard when that is never really the case.
In the 26/11 attack the terrorists continued to communicate for long hours. It was extremely difficult to detect where the calls were coming from.
When the investigators began to track the calls, they realized that the numbers that were being displayed were not from the originating station.
-Spoofing attacks are more effective than snooping
-GPS spoofing is the most preferred method for the ISI
-High quality transmitters set up by Pakistan to spoof calls
-26/11 attack used spoofing technology to confuse Indian investigators
-GPS spoofing sends out wrong location of caller
Setting up of high quality transmitters:
The ISI has dedicated stations which offer spoofing to their terrorists or proxies. There are a number of high quality transmitters that have been set up along the border in a bid to spoof the signals. The security forces and the intelligence agencies are very easily able to pick up the conversations, but are never able to detect where the calls are being made from.
Sending out false locations:
Most of the time the spoofing technique is used to confuse the enemy. Pakistan has very often used this technique to confuse India. A call is made and when the intercepts are picked up, they continue to speak about a particular location where they plan to carry out an attack.
In most cases, terrorists have managed to raise a false alarm by sending out GPS positions which are fake. In a few cases it has been found that a signal was being sent out of Sri Lanka while in reality the call was being made from Sri Lanka.
Another method of spoofing that the ISI has used is extremely childish in nature but equally effective as well. A genuine call is made and the caller poses as an army official.
He connects to an important office, poses as an army officer and asks for simple information such as, "Have the troops moved?" The person on the other side would not take the risk of asking the caller who exactly he is, fearing that he may get a dressing down.
Several calls have also been made to railway stations asking the station master if a train with the armed forces has moved. The station master never questions the person on the other side and very often gives out the information.
Information regarding troop movement comes in handy for the enemy since they can position their troops accordingly. The problem is that the protocol is never followed out of fear.
Ideally the person receiving the call is supposed to tell the caller that he or she would call back. The receiver of the call is also supposed to ask for the number of the caller and tell him that he will get a call back in two minutes.