Amid a raging global debate on privacy versus surveillance, monitoring and use of intrusive technologies by governments, the Directorate of Forensic Sciences in the Ministry of Home Affairs (MHA) is set to purchase a range of equipment and software that will allow it to conduct deep search, surveillance and monitoring of voice calls, SMS, email, video, Internet, chat, browsing and Skype sessions on an unprecedented scale.

The shopping list may help the government counter crime and terrorism but civil liberties advocates worry about the misuse of these technologies against ordinary citizens, especially given the absence of strong privacy protection.

The MHA document of July 12, 2013 also lists software-based tool kits for logical level analysis of GSM and CDMA mobile phones — which will comprehensively cover phones and SIMs used by India’s 860 million subscribers across 2G and 3G networks. This will be capable of extracting the phone’s basic information and SIM card data, including the phonebook and contact list, call logs, caller group information, organizer, notes, live and deleted SMSs, web browser artifacts, multimedia and email messages with attachments, multimedia image, audio and video files, and details of installed applications, their data, traffic and sessions log. It will allow analysis of iPhone backups, including those which are password protected. Blackberry, considered safe by unsuspecting users, will also be fair game, since the tool kit will support Blackberry IPD backup analysis, even when password protected.

Mobiles and SMS

The specialised hardware on the MHA’s list will be able to extract all data, including call logs, phone books, SMS, email messages along with attachments, MMS and calendars, as well as passwords and location information. It will be able to read SIM cards and extract SIM-card-related information along with all user information on the SIM card, like phone call register and text messages, even if they have been deleted. The software will be capable of data authentication by hashing algorithms, and will even access deleted phone information by recovering or bypassing passwords. Special forensic kits are being brought in for Chinese mobile phones.

Bypassing passwords

Hardware forensic imaging devices with the capability to acquire data from live systems and content-based images are being procured. The capabilities also include the ability to search for key words in the suspected media and to acquire data over a network. Essentially, this would mean blind, across-the-board search on mass data rather than a targeted search based on an authorised target phone number, email or IP address.

The MHA is also set to acquire software for forensic previewing, for analysis of digital media and smartphones. This can acquire data from various types of storage media, including multi-session media. It can support Windows, Unix, Linux, Sun, Solaris, Macintosh, Apple’s iOS, Android, Blackberry, HP’s Palm OS, Nokia Symbian, Windows Mobile OS, etc. The software will be capable of decrypting volumes, folders and files of suspected media including that which is subject to various types of encryption — including 32 and 64-bit systems.

Software is also being ordered for previewing, image mounting, password cracking and forensic analysis of digital media. This would allow recovering folders, expanding compound files and saved email databases, extracting artifacts, timeline analysis, and registry log analysis. It will allow the government to auto-detect passwords of protected files and decrypt them across a range of encryptions.

The new forensic tool will automatically check for disk encryption, including TrueCrypt, PGP, BitLocker and SafeBoot. This forensic tool will be capable of collecting and recovering artifacts from live and off-line systems left by cloud services like Dropbox, Carbonite, SkyDrive, Google Docs, Google Drive and Flickr. It will link into, and extract data out of, users’ social networking pages like Facebook, Twitter, Bebo Chat, Myspace Chat, Google+ and LinkedIn. Similarly, webmail applications like Gmail, Yahoo and Hotmail can be targeted through this kit. Instant messenger chat like GoogleTalk chat, Yahoo chat, MSN/Windows Live Messenger, AOL, Skype, ICQ, World of Warcraft, Second Life and Trillian will all be open to collection of artifacts, whether live or offline. The system will also accurately target web browser activity on Internet Explorer, Firefox, Google Chrome, Apple Safari, Opera, Google Maps, etc.

The MHA is one of the nine authorised departments, along with IB and RAW, that are allowed to order surveillance and monitoring of citizens under Indian law. It has been in the news for being closely involved in the implementation of a nationwide Central Monitoring System covering mobile and Internet users.