This post has been updated to take out some points that were misunderstood by me and have been clarified and another issue which appears to be resolved.
Okay, I'm spooked. I don't understand this enough to even claim something is wrong. This is the most bizarre "email situation" I have ever seen.
It began with the government giving the address firstname.lastname@example.org as the email address for citizens to send tip-offs to the government about people who have black money. Leaving the Nazi-like technique aside, I was puzzled by the address, as the Indian Income Tax Department's website is incometaxindia.gov.in
So I tried to find the website that this email address the government provided belongs to. It doesn't exist. Okaaay. Does the domain exist? It does. And it seems to be registered to the Income Tax Department as well. So far, so good.
Got a brainwave. If it was a server configured only for email, it wouldn't show up by looking up the domain, which looks at the website address on port 80. So I did an MX lookup (which is specifically for the email server). Bingo! There it was, configuration errors and warnings and all, hosted on a subdomain pdcsmtp02.incometax.gov.in - which apparently is blacklisted for SPAM!!! The IP address for this is 22.214.171.124 (more on this later) and the reverse IP address does not match. It is for mail.incometaxindia.gov.in!!! Which seems to be blacklisted on FIVE spam lists? So the replies to the email will either not be received by people, or they will be received. It is unclear what has got the domains a spam status. The reasons could range from relatively benign misuse of the official address by a few employees, to the server being compromised and used to send spam, to even worse, the server being infected and the emails themselves being infected too (spam is often the vector for malware, which is why you never click links in it, remember?)
Anyway, spam or not, whatever it was, I thought I'd found the holy grail. I tried going to the subdomain pdcsmtp02.incometax.gov.in. Page never stopped loading. It is still loading as I write this article. I have no idea what is on the other side. This is like a sarkari Darknet site.
I tried pinging it. Nothing. Depending on the tool used, the DNS service returns "domain not found", "name or service not found", etc.
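The three lookups walked through above (MX record, reverse DNS of the MX host's IP, and blocklist status) can be reproduced as one repeatable check. The following is an added example, not code from the original post; every hostname, IP and blocklist zone in it is a constructed fake held in memory, so it runs offline, and a real resolver would replace the fake dictionaries to audit a live domain.

```python
"""Audit a domain's mail setup: MX host, forward-confirmed reverse DNS (FCrDNS)
of the MX IP, and DNSBL listing.

All resolver data below is a constructed fake (RFC 5737 documentation IPs and
invented hostnames); no network is touched. The two defects planted in the fake
zone are the ones worth catching: a PTR record that does not resolve back to the
MX IP, and an MX IP that appears on a blocklist.
"""
import ipaddress

# Constructed fake zone data (not real records).
FAKE_MX = {"example.org": [(10, "smtp01.mail.example.org")]}
FAKE_A = {
    "smtp01.mail.example.org": "192.0.2.25",   # the MX host
    "www.example.org": "192.0.2.80",           # the website, a different box
    "mail.example.net": "192.0.2.99",          # where the stray PTR name points
}
FAKE_PTR = {"192.0.2.25": "mail.example.net"}   # PTR deliberately mismatched
FAKE_DNSBL_ZONES = ["dnsbl.example"]           # invented blocklist zone
FAKE_DNSBL_LISTED = {"25.2.0.192.dnsbl.example"}  # pretend the MX IP is listed


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name a DNSBL client queries: IPv4 octets reversed, under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def fcrdns(ip: str, a_records: dict, ptr_records: dict) -> dict:
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP.

    A mismatch does not prove compromise, but receiving servers treat it as a
    reputation signal and it often accompanies blocklist listings.
    """
    ptr = ptr_records.get(ip)
    if ptr is None:
        return {"ptr": None, "confirmed": False}
    return {"ptr": ptr, "confirmed": a_records.get(ptr) == ip}


def audit_mail_domain(domain: str, mx: dict, a_records: dict, ptr_records: dict,
                      listed: set, zones: list) -> list:
    """Return a list of human-readable findings for the domain's MX hosts."""
    findings = []
    for _pref, host in sorted(mx.get(domain, [])):
        ip = a_records.get(host)
        if ip is None:
            findings.append(f"MX {host}: no A record")
            continue
        rev = fcrdns(ip, a_records, ptr_records)
        if rev["ptr"] is None:
            findings.append(f"MX {host} ({ip}): no PTR record")
        elif not rev["confirmed"]:
            findings.append(
                f"MX {host} ({ip}): PTR {rev['ptr']} does not resolve back (FCrDNS fails)")
        for zone in zones:
            if dnsbl_query_name(ip, zone) in listed:
                findings.append(f"MX {host} ({ip}): listed on {zone}")
    if not mx.get(domain):
        findings.append(f"{domain}: no MX records (mail not configured)")
    return findings


if __name__ == "__main__":
    for line in audit_mail_domain("example.org", FAKE_MX, FAKE_A, FAKE_PTR,
                                  FAKE_DNSBL_LISTED, FAKE_DNSBL_ZONES):
        print(line)
```

Note that the website (www) and the MX host are separate records, which is why a missing website says nothing about whether the domain's mail is configured.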
On a relatively unrelated note, the IP address the Income Tax Department mail server is on is hosted at DIT Jhandewalan and managed by a Mr. Simanchal Dash using his personal email address on Yahoo, and uses a Bharti Airtel network. Mr Simanchal Dash is personal secretary to Finance Minister Arun Jaitley. A server is important and official property. It is unclear why the secretary of the Finance Minister controls the server for the Income Tax Department using a private Yahoo account, and not an official government email, or, for that matter, why the government needs to buy network connections from Airtel.
The group of hackers made a tweet claiming not to be affiliated with the BJP.
Which is all very excellent, except there are some very good reasons to believe that the hackers could indeed be affiliated with the BJP. And BJP has a long history of its fronts being "apolitical" or "not-affiliated", going right back to a notable event I attended in 2009 or 2010 (I forget), organized by "Friends of BJP" - which claimed to be an apolitical group. Countless Hindu Sena this that and the other variants have conveniently popped up to attack targets of BJP at opportune moments and vanished into obscurity.
India Against Corruption ran a nationwide protest against the previous government. An "apolitical" organization, that just happened to be amply funded by the RSS, included plenty of BJP affiliated public figures, AND had protests happening in front of every BJP office, was... apolitical.
For that matter, the RSS itself, whose members form a large part of the government and which gets foreign funds for rescue and social work, but managed to put LAKHS of its workers on the streets campaigning for BJP's Lok Sabha electoral campaign is.... (you guessed it by now) an apolitical, cultural organization. I hope you get my drift. If it walks like a BJP affiliate, acts like a BJP affiliate, quacks like a BJP affiliate AND it claims to be apolitical...
A heads up by the BJP insider handle
A handle calling itself "BJP insider" had tweeted in July that BJP's IT cell had recruited professional hackers to hack and suspend accounts causing problems to boss (Modi) on Twitter and Facebook. This handle has been around for a couple of years at least and consistently tweets what it claims is the scuttlebutt around BJP headquarters.
Our IT cell has recruited professional hackers to hack and suspend accounts who are causing problems to boss on Twitter & Facebook.
By itself, it may not mean much, as several months had passed. Or it could mean a lot. Who knows. It is hardly like BJP has never hired people to do their dirty work online.
Rumors of targeting of political opponents and critics being planned
After the second week of demonetisation, there were several rumors that BJP had plans to target political opponents in various ways. The manner in which they circulated and the variety of actions being suggested as possible don't suggest a single source.
Also, some deliberate events happening to discredit conspicuous critics of the demonetisation gave credibility to the rumors. For example, the most popular one expected was Income Tax raids on people. However, the "false alarm" with Mamata Banerjee, as well as ex-Prime Minister Manmohan Singh coming under investigation for a scam within days of a powerful speech and article pointing out concerns about demonetisation, certainly raises questions about the timing.
The targets of the hacks
All the identities targeted are top targets of BJP's online troll gangs. Both individuals and organizations. Incidentally, once this was raised, @Joydas was among the first to comment that a token BJP hack would happen. And it did. No undesirable tweets got posted and a large "dump" of their database was apparently put up that no one seems to have downloaded (because the hotshots basically DoSed their own server with it, looks like). What is in it could be anyone's guess. But given the complete lack of agitation in the bhakts normally frenzied about the slightest adverse development, it is difficult to believe this to be an adverse development.
Symptoms of BJP's photoshop industry at work
Screenshots posted of what appears to be a transaction notification email to Barkha Dutt from the Standard Chartered bank have two glaring issues.
Should be recipient, yes? Strange to believe that either Standard Chartered or a mobile application coder good enough to get the interest of a "hacker" would make such a basic mistake. Leads one to question whether the screenshots are real. It wouldn't be the first time the BJP's photoshop department threw up an "original" document, only to reveal themselves with atrocious spelling mistakes (entire political science, anyone?)
Standard Chartered seems particularly lazy about sending notifications
When is the last time you received a bank notification of a transaction a day after it happened? And that too for what would apparently be a VIP account, given the balances claimed. And no, there doesn't seem to be the possibility of a transaction done just before midnight and notified after midnight, given that this is the afternoon of the next day.
What email application is it anyway?
While I admit I didn't search very hard, I did employ the assistance of Google search. The only match anywhere in applications seems to be one called "fake text messenger" - unless of course the hacker built their own email app or has something obscure. Or it may be some custom OS - who knows, maybe it will help the cops trace the phone.
What navigation is that anyway?
There doesn't seem to be any "menu" provided for this "email". Back arrow next to the icon one can understand - goes back to the archive. Where would an arrow pointing right go? Twitter? :p
No need to delete, archive, etc and reply is out of question of course, given the quality of spellings.
What's that url again?
We have here a banking notification that points to a mobile site at one place and regular site the other. No https (though the url will redirect). Who in the world points to mobile sites in notification emails in the age of autodetection? Probably "hackers" who hack using mobile phones. Either they are very very good or nowhere near the server, given how tricky mobiles can be.
Whoever has seen an email from a bank that ends like this?
No disclaimer text ("this is an automated email blah blah blah"), no "what to do if you've got a notification for a transaction you didn't do", etc. No support email... No sign off... really? With half the email being an overlap, it is unlikely they had to cut it off for space.
Though in all honesty, I don't have a Standard Chartered account, and they may have the casual approach to notifications. If you do have a Standard Chartered account, do me a favor and send me a screenshot of a notification (blurring as appropriate) on Twitter? My handle is @Vidyut
And well, finally... what the hacker chooses to see or ignore
Some emails supposedly "leaked" by the hacker are like total Kashmir Pakistan obsession. I mean seriously, a politically indifferent hacker gets into a big journo's account, and all he can find is emails on Kashmir? ok.
This is probably the first when a hacker out to "expose" missed actionable information (or even to seek it, looks like, if this is the highlight of the hack). For that matter, it could be anyone's inbox.
World-class hackers put up a 98MB download with piddly bandwidth and DoSed their own expose? Hilarious. I suppose by the time the traffic goes down, BJP will have it taken down as "action taken".
If you can download the files they have posted, I would highly recommend you not do so unless you know what you are doing and have secured your machine appropriately. If you have to ask how to, don't.
Maybe it is possible that Legion ain't BJP backed. I'll believe it when BJP arrests them. Surely an attack on a political party, account of an MP and journalists - who have protected sources who could be at risk - warrants investigation and arrests right? So let us see.
Just two days ago, we were laughing our heads off at "wget" jokes because the prosecutor in Bradley Manning's trial asked him about using the Linux command "wget" as though it were a dangerous hacking tool, when in reality it is a fairly routine command used to get files. To a world ignorant about what it means, the method of asking itself would convey implications that it was a crime. An offline legal process ignorant about computer terminology.
Today, we saw worse. A fairly bizarre show by Rahul Kanwal on Headlines Today saw Somnath Bharti accused of things that make no sense if you look at the evidence on hand. The show makes several allegations about Somnath Bharti which are highly exaggerated and rather reckless to say about an MLA on National TV. Fact checking some of the stuff.
Somnath Bharti was world's worst spammer
To the best of my knowledge, this is an outright lie. The ROKSO (Register Of Known Spam Operations) is a list of "hardcore spam-gangs" maintained by Spamhaus and lists spammers who have been banned by 3 or more ISPs. In 2005, the top 200 of this list had 3 Indian spammers. One of those Indian spammers was Somnath Bharti. This is not a compliment. However, I have found no source for him being the "world's worst spammer". As far as I know, the title given to the program is a lie.
Kejriwal demanded proof, so it was hunted down and interpreted creatively enough to somehow support a demand for action
Rahul Kanwal begins his show with a bizarre justification. Kejriwal wanted proof to act against his ministers, so Rahul Kanwal has found him proof. Considering the amount of effort that went into digging a decade old story, it is fairly clear that this is a character assassination quest rather than anything remotely resembling news. While Headlines Today is free to broadcast what they like, I am going to take this as a deliberate mud finding and slinging expedition. Particularly since it deals with a case that is a decade old, and proves zero, but goes out of its way to imply that a certain MLA of a certain party trades in porn - in particular this is significant, because there is exactly zero evidence of Somnath Bharti's involvement with porn.
Somnath Bharti sold porn domains?
Now Somnath Bharti appearing in a "top spammers" list is a little suspicious by itself. The stated "rules" for putting someone on that list are a "three strikes" kind of thing, where three ISPs have to ban the operation for spamming before it goes on the ROKSO list. However, as Conrad Longmore, the person who "exposed" Somnath Bharti, himself puts it, it was him pointing out Somnath Bharti's association with Topsites that was enough to get him into the list. It is unclear what three ISPs banned Somnath Bharti for him to qualify, but Spamhaus is fairly aggressive on that front, and supporters of spammers go on their block list as well, or Topsites may have got kicked by three ISPs while Somnath Bharti was associated with it. So you don't have to spam; even if you tolerate spam, you're it. That wouldn't get Somnath Bharti on the ROKSO list, but I'm assuming Topsites must have been on the ROKSO list at that point, since at no point does Conrad Longmore actually expose anything related to spamming.
Additionally, while Spamhaus is a well recognized anti-spam service, it has no authority in terms of law enforcement. At best it flags spammers very well. This can be appealed against, but there is no neutral body accepting or rejecting appeals, and the word of Spamhaus is all it takes for your name to be kept on or taken off the lists. That said, Somnath Bharti is not currently on any list there.
Conrad Longmore's expose was of a business directory scam, which would involve getting people to pay for a listing in a directory, emails for which, I assume would go to official emails for websites provided for contacting - as opposed to unsolicited mass emails on random accounts - considering that the scammers are trying to deliver an invoice to get paid. Scam, yes if the listings purchased were not delivered. Spam? Unclear.
Somnath Bharti has consistently denied involvement with TopsitesLLC, including in 2004 itself, when his denial got added to the expose listing him. It is now 2014. He is still denying it, in spite of his visiting card being published there 10 years ago. So either he is stupid or there is more to the story than it seems. And there is a bit of a grey area, where Somnath Bharti is clearly involved, to whatever extent. My guess would be a flunky conned into buying into the business or becoming a front for it. That TopsitesLLC existed well before they "picked up" Somnath Bharti is fairly clear from Conrad Longmore's work. That Somnath Bharti was included in the trial when Dan Balsam sued Topsites for spam is clear as well from court records quoted in PCQuest:
"Directories LLC, Topsites, LLC, Paperless Mail, Inc. Paul Aunger, Somnath Bharti and David Nale have agreed to use only confirmed opt-in e-mail addresses when sending commercial messages and have further agreed to pay Plaintiff Five Thousand Dollars ($5,000) in damages."
What is not clear is the level of Somnath Bharti's involvement in the spamming. Somnath Bharti said the settlement was easier than the cost of fighting a lawsuit in the United States, which is logical. Dan Balsam is an anti-spam activist who makes a full living out of court settlements from suing spammers. So, it also may not have seemed legally viable (my guess). Conrad Longmore himself is unclear on how much of the profits went to Somnath Bharti.
As for Rahul Kanwal showing registration records, it doesn't mean anything. As a test case, I have registered kapat.in (which will contain exposes that will make the government furious, one day) in Rahul Kanwal's name, deliberately making it clear that it is a test case. If I knew his contact info, I could plug it in there, and he'd never know he owned a domain. So, if Somnath Bharti is saying for 10 years that he isn't involved, it doesn't seem all that bright to take registration records and substitute them for his answer, unless Rahul Kanwal wants to answer for what I put on "his" website, right?
If it is a noted spammer serial registering disposable domains to discard when they get banned, why wouldn't they put names of random people they picked up or even use that "ownership of internet property" as a flattering selling point to hook people? You really think the owner of an operation will hand over ownership of operations and internet property to the new chap he picks up? You clearly have a lot to learn about the internet and "proof".
The crux of the issue really is:
By TopSites LLC's own admission, they were turning in $1.8 million a year by 2005. How much of that money made its way to Mr Bharti is a mystery. And quite how Mr Bharti reconciles his questionable past business practices with his membership of an anti-corruption political party is also a mystery.
If Somnath Bharti was taking in a share of a profit of 1.8 million in another country, that would show up as a paper trail unless Rahul Kanwal also imagines illegal channels of transferring funds. A random comment by a supporter indicates that his income tax returns don't show any such income. Rahul Kanwal doesn't show a shred of proof that any money came Somnath Bharti's way. Somnath Bharti himself is claiming identity theft.
"Back in early 2000, server of Madgen Solutions Pvt Ltd was entrusted with an associate by me who misused it without my consent/knowledge. When the matter cropped up, I came to know that the said associate had generated mass emails soliciting business and had also impersonated me on multiple occasions. On exploring I found out that the emails generated were for a legitimate business, originating from a valid traceable IP address and in proper compliance with the laws applicable in the US, ie CANSPAM Act, then... hence this breach of trust between me and this associate of mine was not pursued in a court of law."
I detour to disagree with Conrad's new analysis of guilt and "fingerprints all over", etc and don't think it refutes Somnath Bharti's claim. If the claim is of identity theft, it makes sense that the identity was used everywhere. Hardly likely that the real scammer will expose his own identity if "Somnath Bharti" is what he uses. Also, if this is a person with admin access to the server, he can pretty much do what he wants with it as admin, including putting the topsites briefly on Somnath Bharti's page. It would be phenomenal gullibility, but this is also ten years earlier.
As of this moment, I have access to the administration of six websites that have nothing to do with me. Simply login details given to me when I helped someone over the years and people aren't all that careful with changing passwords. You think if I were inclined toward doing any dubious dealings using them, I'd use my own name to be exposed?
My point is not that Somnath Bharti is innocent. It simply is that, whether innocent or guilty: 1. he is responsible for what goes out from his server; 2. he has an explanation that sounds possible, though not probable; 3. I do not believe Conrad is a neutral party on this issue anymore. Not defending 10 year old work that suddenly gets slashdotted into orbit. I don't imagine anyone is going to go "Oh, his explanation makes sense and you probably should ignore my work" - he may not be wrong, but his follow up story assumes that he continues to occupy an investigative space on the Somnath Bharti issue, which I don't buy and I also don't see in his work this year. For example: "Now, I'm not an expert in Indian law (and detractors of Mr Bharti say that he isn't either)" - ad hominem is a space his earlier work doesn't occupy.
"There is evidence to prove that Somnath Bharti has been selling domains to porn websites." ~ Rahul Kanwal (@RahulKanwal)
It is further seen from his presenting Somnath Bharti's links to porn sites, which Rahul Kanwal picked up and blasted onto National Television. Here's the deal. The Topsites were basically scraper sites of DMOZ - they duplicated content found on dmoz.org and the teenage-porn listing that got copied probably came from a page that got later taken down. I am sure there would be other "objectionable" listings.
"Even if pornography were legal in India, it is hardly a respectable way of earning a living." ~ Madhu Kishwar (@MadhuKishwar)
This is akin to blaming Google for its search results. You can find something objectionable and ask for it to be taken out manually, but to say Google showing listings for porn means the CEO of Google has porn links... is stretching the imagination. Now I am even less of a legal expert, but the well hated IT Rules in India would consider him an intermediary who gets a free pass as long as he takes down the objectionable content, etc etc. Because not even our law makers are that foolish.
"All those things are facts; it is exactly as the papers show." ~ Vinod Kumar Binny (via @_AamJanata)
Vinod Kumar Binny speaks like some kind of Aam Aadmi Party expert and claims that what the papers say is correct. This basically means he is an authority with enough knowledge to confirm the allegations. Vinod Kumar Binny needs to explain why, if he thought a guy on his team dealt in porn websites, he didn't speak up. Why didn't he speak up even after going on random rants against AAP? What is his authority and knowledge to confirm Rahul Kanwal's allegations?
Prasanto Roy believes that Somnath Bharti is a scammer. But he makes no mention of who got scammed. The supposed scam is described by Conrad Longmore, who himself writes that no case has been filed against Somnath Bharti or Topsites for it. His original expose itself says that Topsites does issue refunds if pressed. Prasanto makes it appear that the data is acquired, implying that he has no real right to it, but the Open Directory Project data is free for anyone to use. It is publicly available for reuse. So here we have a digital journalist who appears to have a grudge about commercial reuse of open content?
As for contacting people and asking them to pay for listings, I hope Prasanto has heard of "Just Dial", because God knows I've got enough calls from them trying to sell me a listing. He means the owner of Just Dial is not respectable enough for a political party? And his opinion matters, why?
That said, past gullibility is no answer, and if there is criminal or other responsibility that must be assigned, then Somnath Bharti should either expose the person who did it, or bear the responsibility of what happened on his server (which for all intents and purposes means he did it - whatever he claims). But wait. Conrad makes it clear that no case about bogus directory listings was ever brought against Topsites or Somnath Bharti. The one case in US that Somnath Bharti did settle out of court was not a criminal case. So what accountability does Rahul Kanwal actually want?
Spam is not illegal in India. No one complained about his supposedly fraudulent business practices that were the cause of the original expose Conrad did and he states it clearly himself. We could whine about the porn listings, but the IT Act and IT Rules didn't exist when the expose was done. In any case, the sites are gone, and in the random chance they still exist, Rahul Kanwal can complain and get any problematic listings taken out. So why is everyone hearing about how an MLA is into porn as business, "world's top spammer" etc? That too present tense implied for the most part? Never mind. Answer the courts. I can't imagine Somnath Bharti letting this go. I wouldn't.
Now here is the cinching part. Spamming is ugly, we all hate it, it isn't ethical, etc etc. In India, spamming is not illegal. So I have no idea what proof Rahul Kanwal is showing to Kejriwal that he is talking about in the beginning of the show.
Basically, here you have a journalist targeting a political personality, with invitees from supporters of competing political parties and one ex-member with a grudge, in a pre-election mood, and who has left knowledge of internet laws and facts to the wind. I mean seriously, does one believe "internet expert" Madhu Kishwar opining on a directory listing for porn as "making a living" from porn? This is a political soap opera with a "novelty" theme at best.
Highly suggest that Rahul Kanwal leave tech reporting to techies.
Writing this post specifically, because I am normally a vocal supporter of Anonymous and their efforts in freeing the internet. This is one action I do not support.
A few days ago, I retweeted a link to a leak of police data by Anonymous. I should have checked the file first. Contrary to my expectation that there would be important information of interest to the public, it turned out to be a general catalog of complaints made to the police, and while there are enough allegations about all kinds of things, there are unsubstantiated personal views of people filing complaints, and the kind of stuff you would expect to be passing through any police station.
Today, after reading a news story on the leak, I checked the files again, and am convinced that Anonymous made a mistake. This leak does not serve any purpose of fighting government wrongs against citizens, and puts the private information of a lot of people at risk, since while numbers and emails were redacted, names, addresses and so on were not. In my imagination, this was a part of the fight Anonymous was supporting - to protect privacy, but it clearly seems to have gone awry somewhere.
In the article, Anonymous do mention that they are capable of learning from mistakes and it is my suggestion that they make all efforts they can to delete these files off the internet, communicate whatever vulnerability they used to gain access to the database to the police so that it can be fixed and avoid leaks of personal information in the future.
Crossing boundaries of privacy is not useful in a movement that fights censorship and spying on personal information.
Anonymous for the past many weeks had been protesting against the attack by governments and corporations on the freedom of speech and expression guaranteed to every Indian citizen by the Constitution of India.
The protest began when the Indian ISPs began blocking file sharing sites and other websites under the order of the Madras High Court.
But it was understood as an overdone circus due to the fact that entire websites became unavailable when in reality specific URLs were to be blocked.
This we see as an attack on the right to free speech.
The government today censors almost all media; the press is heavily controlled and hence is unable to speak the truth frankly without taking sides.
During this time it is the Social Media that exist on the Internet that help people share and know the truth. This is the reason why the government is desperately trying to control the internet. Once the INTERNET is censored we will lose the last and final tool we have left to exercise our freedom of speech and opinions.
Saying that we have right to speak freely and not giving us a tool is a totalitarian system where a sense of false freedom is induced. Hence we Anonymous are today calling to the Indian public to stand up and start fighting.
You the people are the power that should be ruling your country. And not a group of powerful and wealthy corporations and politicians.
On June 9th we will be organizing massive protests in multiple locations all over the country and we are calling every one who can be there to be there. We remind the Indian public that trusting a corrupt government to solve corruption and other problems is like expecting a serial killer to catch himself.
The movements will be assigned within the title of Occupy India, which will be kicked off this June 9th.
The cities that are getting ready to take part are Bangalore, Delhi, Mumbai, Calcutta, Chennai, Kochi, Mumbai, Hyderabad and many more. Anyone who feels this movement needs to be in their city can start a FB page for the Occupy City movement and let us know about it. We call on the people to help spread this message and get your friends and family to join this noble cause.
This is to be a 100% Non-Violent Civil rights protest.
We will be updating all the required information at http://opindia.posterous.com/anonymous-to-stage-street-protest-on-9th-june. Our twitter handle @OpIndia_Back can be used to communicate with us any time. As planned, the protest will take place by 3PM IST on June 9th, the Saturday.
The directives for the safety and proper functioning of the protest are available at http://pastehtml.com/view/bzi0nxrkz.html
Remember people of India if you do not wake up and fight, No One Else will do it for you.
We are calling for the 99% to rise against the 1% who are trying to steal from their great nation and make them their slaves. We call to you, India: Rise, India. We are with you, and let us together start the revolution to make this place a better one.
We ALSO CLEARLY DISCLAIM ANY CLAIMS BY POLITICAL PARTIES OR GROUPS IN SUPPORT OF US WE DO NOT LINK WITH ANY GROUP AND ANY GROUP THAT TRY TO LINK SO IS TRYING TO FOOL THE PEOPLE