The people who died today taught us a very important lesson that its not only our job to remind our elected officials of their responsibilities but also see to it that, they actually do the work.
Name changes v.s. Foot Over Bridge construction
Unknowingly, Sachin Tendulkar, asked the most important question in Rajya Sabha under the circumstances - He raised a question in 2016 about the status of Foot Over Bridge (FoB) at the Elphinstone railway station.
In response, the ministry stated that the work was sanctioned in 2016 and unfortunately, as we now know, nothing much happened. This is despite the umpteen number of tweets, letters and other forms of communication (pictures and tweets in the blog) , where the commuters had raised serious concerns about the imminent dangers.
On the other hand, the Maharashtra state assembly passed a resolution to change Elphinstone station to Prabhadevi in Dec 2016, which was approved by the center in April 2017. According to the news sources, the name change was to take effect in Sep 2017.
While the ministry was quick to announce the compensation for the kith and kin of the deceased and those seriously injured, it was anything but quick to begin the sanctioned work.
Below is a list of tweets sent to the authorites forewarning the imminent threat to their lives
Something strange came to my attention today. An otherwise anonymous Twitter profile, but it had an Aadhaar UID number in the place of the name. The profile said the person was a IITian, a Brajwasi, Swayamsewak, BJPite, Gaurakshak and slave of the Indian state. Oooookay.
After speaking and tweeting and writing critically about the Aadhaar (as well as the Modi government), finding Modi supporters who will go to any extents, however insane to defend whatever he does has sort of started looking like a normal occurrence.
I believed that the Twitter handle was challenging those who claim that Aadhaar to be vulnerable to hack it and prove it. After all, Aadhaar's greatest fake troll profile, run by Sharad Sharma himself had once tossed out a number saying it was an Aadhaar number as a challenge. It wasn't inconceivable that another person would pull a similar stunt.
Okay, so that raised the stakes a bit. Someone's UID was out there. You read "gourakshak" on a profile and given the sort of news making headlines on a daily basis, you want to make sure at the very least that it is their own identity they are compromising and not some hapless other persons. So I decided to find out who he was. It was fairly easy to find his Facebook profile. That gave me his name and surname. Searching for that name and surname along with "Uttar Pradesh" (from the UIDAI website in above screenshot) got me one potential hit on a relatively less known networking site.
I now had an email and phone number. The last three digits of the phone number didn't match those on the UIDAI website - last digit was different. As far as phone numbers go, a non-match is a non-match, but I remember making a note of it. I plugged the number I had into truecaller. That number gave me a domain name as his website.
The .in TLD doesn't offer privacy - I know this as someone who owns .in domains. So the chances were good that the information he provided the registrar while booking, was public. So I checked the whois data of that website, and voila. I had a phone number for him with three digits that matched the UIDAI website, as well as an address. Incidentally, it differed from the first number by only one digit.
Truecaller showed his name for the second number as well. This isn't a careless man. This phone profile hardly had much public information and it was used for what you'd call digital assets - ownership of a site, ownership of digital identity. The other seems to be the one for more casual use. But he'd made a big mistake using it for buying a domain that didn't protect his contact information.
How far can a person go with this information? I don't know. Available information suggests very very far, with some skill and tenacity. But it was about as far as I was willing to go to make a point about an irritation on Social Media. So far everything I had accessed was publicly available information, only collected from various sites and the address and three digits of the phone number matching that gave me the verification of the anonymous profile was publicly available information. The government may not believe citizens have a right to privacy, but I do, so I did not proceed further. I had all this is in less than 15 minutes of idling around on my computer. No major effort needed.
I may have drawn an ethical line, but I wasn't done being irritated with the foolishness and decided that at the very least, a good scare was in order. I would ask him why he had put that number there, and if he issued a Sharad-like challenge to hack it, I'd reply with partial data for his personal information to show how easy it was to know his Aadhaar number and the phone number linked to it and given the straight matches in data, I wouldn't be surprised if the address was correct too.
So I asked him. And I was in for the shock of my life. You may read the Twitter conversation that followed from this tweet on Twitter:
@raghav4india may I ask why you've put an Aadhaar number publicly on your profile?
Suffice it to say, this man is batshit crazy. He is also probably the only Modi supporter I respect. He believes in Modi, but he is alarmed about several of his decisions and is definitely against Aadhaar. He is being forced to link his Aadhaar to everything, so in a protest of extreme compliance, he is attaching his Aadhaar to his identity EVERYWHERE. Twitter included. As you see in the thread, once I realized what he is doing, I was uncharacteristically polite with him. Because damn hell, if this isn't a Gandhian Satyagraha being done by a bhakt no less. Talk of the mind benders Twitter can throw at you. Long story short, I tried and failed to convince him to protect himself. I even told him the information I found out about him and how easily, but he did not relent.
"First they ignore you, then they laugh at you, then they fight you, then you win." - Mahatma Gandhi
Done ignoring him, laughing at his folly, fighting to convince him, I had to concede he won. So I am now helping make sure his sacrifice does not go in vain. Yep. Let history note this moment, I'm openly supporting the actions of a staunch supporter of Modi - of all people.
Here is his explanation for why he is doing this. I hope the Modi and his cartel realize the kind of faith gullible people invest in them and try to serve citizens honestly instead of this digital colonization being imposed on the country without regard for individual or national safety.
I am an IITian. I studied Computer Science & Engineering for about half a decade at IIT Kharagpur. I thereby am quite initiated into the innate nuances and implications of the universe of computing. However my personal convictions took me to serve my homeland in Braj - the land of Sri Krishna - where I have been fighting relentless battles to protect, preserve and restore the heritage associated with Krishna's pastimes.
I have been chased by mining mafia on gun point for resisting their attempt to decimate the heritage hills of Krishna frequented by millions from across the globe; have been wounded by encroachers in our bid to transform sludge tanks back to their natural splendour; have been extended death threats by the goons of religious organisations for pressing the practice of the precept; have been booked under various malicious sections of the IPC by errand officials of the state who couldn't respond to the intellectual contest thus posed. I have been a fighter who has put my entire self to risk to bring home a point. So I don't fear anything.
I do revere Prime Minister Narendra Modi, have immense respect for his sincere hard work, original thinking and political gravitas, but am getting extensively alarmed with his inordinate push for policies, projects and platforms without mulling over their far reaching implications both internally and internationally. Developing India within a single generation is a laudable vision, but can it be advanced at once by pushing the simpleton citizenry of this country to a precipice, remains a perpetual concern for me as a die-hard nationalist, developmental professional and technical insider.
Aadhar is one such platform which never had had enticed me since inception. I have seen it as an abrogation of personal liberties in consonance with Gandhi's discomfort of carrying a fingerprinted ID paper while being in South Africa. Gandhian protest of those times sufficed with the doctrine of Passive Resistance and mass scale Civil Disobedience. But the dynamics in an ever inter-connected information age call for a different set of techniques to protest the supposed wrong doings on the part of powers of the day where citizens are being robbed off their basic liberties by a host of sinister but smart machinizations. You can only offer a creative resistance to such an oppression which does unfurl itself in ennobling eccentricities and eclectic excuses.
I thereby have chosen to 'purge' this all pervading monster of Aadhar by laying it open in the public domain. I chose this 98th Anniversary of Lokmanya Bal Gangadhar Tilak's death as it's somewhere the death of the ideal of Swaraj which he propounded and charged up the nation toiling under the clutches of British tyranny. The Aadhar tyranny is not going to be any different, it would be even worse.
If this is the ID, which would ensure my very existence, let it be out in the open. Let I surrender and forfeit my social identity of my name, surname, caste, religion et al and simply graduate to this all powerful ID. If this ID is required to make India a surveillance state, I am all out eager to wear a badge to this effect and to take a gps tracer injected in my blood stream so that the agents of the state can keep track of me in real time - What all I do, how much I do, how much more productive I can be.
I am all out to surrender myself as the Slave of Indian State, a condemned inmate who has got no rights & liberties. Let this Creative Resistance of mine be explicitly known to the mandarins of the state whose fetish for power is incessantly insatiable. Let me persecute & purge my own self dignity which was dearer to me more than my physical life for this incessant striving for a supposed national transformation. I invite the Indian State and all its actors to pounce upon me and squeeze out the minutest strands of self-pride, honor and self-respect left in me. I am after all an inmate of World's largest prison called India. I am all out to celebrate this. Are you game?
The group of hackers made a tweet claiming not to be affiliated with the BJP.
Which is all very excellent, except there are some very good reasons to believe that the hackers could indeed be affiliated with the BJP. And BJP has a long history of its fronts being "apolitical" or "not-affiliated", going right back to a notable event I attended in 2009 or 2010 (I forget), organized by "Friends of BJP" - which claimed to be an apolitical group. Countless Hindu Sena this that and the other variants have conveniently popped up to attack targets of BJP at opportune moments and vanished into obscurity.
India Against Corruption ran a nationwide protest against the previous government. An "apolitical" organization, that just happened to be amply funded by the RSS, included plenty of BJP affiliated public figures, AND had protests happening in front of every BJP office, was... apolitical.
For that matter, the RSS itself, whose members form a large part of the government and who gets foreign funds for rescue and social work, but managed to put LAKHS of its workers on the streets campaigning for BJP's Lok Sabha electoral campaign is.... (you guessed it by now) an apolitical, cultural organization. I hope you get my drift. If it walks like a BJP affiliate, acts like a BJP affiliate, quacks like a BJP affiliate AND it claims to be apolitical...
A heads up by the BJP insider handle
A handle calling itself "BJP insider" had tweeted in July that BJP's IT cell had recruited professional hackers to hack and suspend accounts causing problems to boss (Modi) on Twitter and Facebook. This handle has been around for a couple of years at least and consistently tweets what it claims is the scuttlebutt around BJP headquarters.
Our IT cell has recruited professional hackers to hack and suspend accounts who are causing problems to boss on Twitter & Facebook.
By itself, it may not mean much, as several months had passed. Or it could mean a lot. Who knows. It is hardly like BJP has never hired people to do their dirty work online.
Rumors of targeting of political opponents and critics being planned
After the second week of demonetistion, there were several rumors that BJP had plans to target political opponents in various ways. The manner in which they circulated and the variety of actions being suggested as possible don't suggest a single source.
Also some deliberate events happening to discredit conspicuous critics of the demonetisation gave credibility to the rumors. For example, the most popular one expected was Income Tax raids on people. However the "false alarm" with Mamata Banerjee as well as ex-Prime Minister Manmohan Singh under investigation for a scam within days of a powerful speech and article pointing out concerns about demonetisation certainly raise questions about the timing.
The targets of the hacks
All the identities targeted are top targets of BJP's online troll gangs. Both individuals and organizations. Incidentally, once this was raised, @Joydas was among the first to comment that a token BJP hack would happen. And it did. No undesirable tweets got posted and a large "dump" of their database was apparently put up that no one seems to have downloaded (because the hotshots basically DoSed their own server with it, looks like). What is in it could be anyone's guess. But given the complete lack of agitation in the bhakts normally frenzied about the slightest adverse development, it is difficult to believe this to be an adverse development.
Symptoms of BJP's photoshop industry at work
Screenshots posted of what appears to be a transaction notification email to Barkha Dutt from the Standard Chartered bank have two glaring issues.
Should be recipient, yes? Strange to believe that either Standard Chartered or a mobile application coder good enough to get the interest of a "hacker" would make such a basic mistake. Leads one to question whether the screenshots are real. It wouldn't be the first time the BJP's photoshop department threw up an "original" document, only to reveal themselves with atrocious spelling mistakes (entire political science, anyone?)
Standard Chartered seems particularly lazy about sending notifications
When is the last time you received bank notification of transaction a day after it happened? And that too for what would apparently be a VIP account given the balances claimed. And no, there doesn't seem to be the possibility of a transaction done just before midnight and notified after midnight, given that this is the afternoon of the next day.
What email application is it anyway?
While I admit I didn't search very hard, I did employ the assistance of google search. The only match anywhere in applications seems to be one called "fake text messenger" - unless of course the hacker built their own email app or has something obscure. Or it may be some custom OS - who knows, maybe will help cops trace the phone.
What navigation is that anyway?
There doesn't seem to be any "menu" provided for this "email". Back arrow next to the icon one can understand - goes back to the archive. Where would an arrow pointing right go? Twitter? :p
No need to delete, archive, etc and reply is out of question of course, given the quality of spellings.
What's that url again?
We have here a banking notification that points to a mobile site at one place and regular site the other. No https (though the url will redirect). Who in the world points to mobile sites in notification emails in the age of autodetection? Probably "hackers" who hack using mobile phones. Either they are very very good or nowhere near the server, given how tricky mobiles can be.
Whoever has seen an email from a bank that ends like this?
No disclaimer text "this is an automated email blah blah blah" What to do if you've got a notification for a transaction you didn't do, etc. No support email... No sign off... really? With half the email being an overlap, unlikely they had to cut it off for space.
Though in all honesty, I don't have a Standard Chartered account, and they may have the casual approach to notifications. If you do have a Standard Chartered account, do me a favor and send me a screenshot of a notification (blurring as appropriate) on Twitter? My handle is @Vidyut
And well, finally... what the hacker chooses to see or ignore
Some emails supposedly "leaked" by the hacker are like total Kashmir Pakistan obsession. I mean seriously, a politically indifferent hacker gets into a big journo's account, and all he can find is emails on Kashmir? ok.
This is probably the first when a hacker out to "expose" missed actionable information (or even to seek it, looks like, if this is the highlight of the hack). For that matter, it could be anyone's inbox.
Worldclass hackers, put up a 98MB download with piddly bandwidth, DoSed their own expose? Hilarious. I suppose by the time the traffic goes down, BJP will have it taken down as "action taken".
If you can download the files they have posted, I would highly recommend you not do so unless you know what you are doing and have secured your machine appropriately. If you have to ask how to, don't.
Maybe it is possible that Legion ain't BJP backed. I'll believe it when BJP arrests them. Surely an attack on a political party, account of an MP and journalists - who have protected sources who could be at risk - warrants investigation and arrests right? So let us see.
At around 830 pm on Monday, Nov. 21, my phone was stolen from me. The incident occurred at the crowded Saket Metro bus stop, while I was inside a feeder bus and the thief outside a window. By the time I could get off the bus and chase him, he had disappeared in the crowd. I looked around for a while before returning home, determined to do all I legally and possibly could in such a case, but feeling hopeless and dejected.
Primary concern, ensuring security
I filed an e-FIR, used Android Device Manager to try and locate the phone, placed a request to erase data with the Manager as well as my office IT service center. I knew that I had logged out of banking apps and they could not be accessed without MPins, but the PayTM app had login details saved. So I tried to lock my PayTM account via their website. Shocker: to verify my login they needed me to enter, apart from my e-mail/phone number and password, an OTP which I could only receive via SMS or call. I wondered why they could not e-mail me the OTP as well, which is standard practice in 2-factor authentication. I then used their customer care page to request a block on my account. I received an acknowledgement of this request almost instantly, (940 pm, Nov. 21, query #10133775). However, I received no reply, so I took to Twitter (1159 pm, Nov. 21):
@Paytmcare my phone got stolen this evening. can you lock my PayTM app?
This tweet, unsurprisingly, did not get any response. In the meanwhile, I had not only got a replacement SIM card from Airtel, but also had the SIM cards activated within the estimated time of 4-6 hours, despite being told that there may be a further delay as my number had been barred due to filing the FIR. I was thus able to receive the OTP now via the on call option (SMS services took a further 24 hours, as estimated, to get reactivated), and logged into PayTM.
It took me less than five minutes to change my password, and also log myself out of all devices. But I had to wait nearly a full day to do it because of the infuriating lack of response from PayTM. Compare this with the speed of transactions on PayTM. If you had to wait 22 hours for your PayTM wallet to be recharged, or if PayTM took 22 hours to pay your Uber cab fare, they would not remain in business very long, would they? So why do they assume they can take their own sweet time about customer service?
I quickly used up the balance in my PayTM wallet in order to close the account. I waited for a day to ensure those transactions did come through, and then tried closing my account this evening. Surprise, surprise. There is no option on the site to close your account, not even among their myriad customer care options. My requesting customer care to do so got me the no-less-surprising response that "Paytm account cannot be deleted, but we can block it for you please help us with the mail form your registered email id stating the same." Bank accounts can be closed, social media accounts can be deleted (I just deleted my WhatsApp account this evening, in under 5 minutes), but a PayTM account cannot be deleted. Why is this so?
Again, for a digital service, PayTM's frankly ridiculous, repetitive insistence on e-mail confirmation is nothing short of painful, especially given that there is NO guarantee your e-mail will actually merit a response from them, as so amply demonstrated by this experience.
Update: @Paytmcare chose to respond to this story via both tweet (0242am, Nov. 24) and e-mail (0615am, Nov. 24). The tweet asked me to check my email with reference to the request for closing my account (query #10291894). Only, their reply was to my e-mail of Nov. 22 (query #10152004). Not only did they get this mixed up, their response was on how I could get a new mobile number updated in my account while my old number was inaccessible - whereas my query had been about blocking my account. At this point, I could only conclude that PayTM's customer care is, in addition to being poorly managed, is also poorly trained to respond to customer queries. And yes, PayTM has not yet confirmed that my account has been blocked, as of 0925am, Nov. 25.
For those interested, I have Storified the full exchange with @Paytmcare on Twitter, and my tweetstorm on the overall experience, here: