Spy Story: Needle in a HayStack
The Internet has given a whole new dimension to the art and science of intelligence. Before that, all communications were point to point, so they were easier to trace, track and intercept. On the other hand, you needed direct access to the channel in order to do those things. A telephone line, for example, gives you guaranteed access to the channel if you can physically tap into it. You know who calls whom, and what transpired.
The Internet is different. It offers a good deal of anonymity on one hand but, being distributed, allows remote snooping when possible. Governments were very skeptical about it initially. Everyone thought in terms of the telephone network. It is funny to think that the Department of Telecom India initially charged subscribers by volume of traffic, in 64K chunks. The telephone mentality immediately led the government to demand access to all communication through the net. But due to the nature of the technologies involved, this has proven to be impossible. The only point where you can effectively monitor a source is at the boundary of the network, that is, the first switching element that the subscriber connects to. Thereafter, it is impossible to track the communication.
Add to that the anonymity offered by the Internet. You can register with any of the free e-mail services under any name, and access that e-mail from anywhere in the world. If you find that a message was sent to a specific e-mail address, there is no way to find out where the person who read that e-mail is located. Of course, the e-mail provider can know the IP address from which the specified account is accessed, and thence track the location. But the user can use freely available proxy servers to mask his IP address. You can then go to the proxy server's administrator to find out the original IP, assuming he kept logs. Most of them do not, so you have to install tracking software to do that. Then the source can switch proxies.
And of course, in order to access the service provider, you need legal sanction. The American secret agencies have to get a warrant from the Foreign Intelligence Surveillance Act special court for monitoring, and even then only for sources outside the USA. Other countries have different rules. For example, in India, all it takes is a magistrate's warrant for a police officer to demand information. When you operate in a foreign country, you don't have the luxury of getting warrants, so if you can't get what you want, you steal.
Sanjeev Gupta got access to Musharraf's Internet correspondence after a mammoth effort, with help from a well-known Internet forum. However, that was only part of the game. He now knows who is corresponding with the general. But what they are talking about is another matter altogether. Encryption technologies are now widely available, thanks to the efforts of people like Phil Zimmermann, who designed the Pretty Good Privacy encryption system. The US government had initially classified encryption systems that it could not crack as "munitions" and forbade their export. Zimmermann ended up in a lot of trouble over his software. Legend has it that the source code was exported from the USA in the form of a printout (which was legal by a loophole) and OCRed back in Europe. At one point, there were export versions of browsers like IE with lower-strength encryption because of the US laws. Later, either because the secret agencies of the USA have learned to crack the higher-strength encryption, or because they gave in to technological progress, there are now no specific restrictions on cryptography. It is believed that the PGP suite is not crackable even by the US secret agencies.
In the face of widely available cryptographic software, the job of the spy on the Internet is harder. The only viable way to crack cryptography is to snoop the keys and passwords from the sources and then use them to decode messages. That is a complicated affair.
Sanjeev was specifically interested in one address, firstname.lastname@example.org, to which the good General was sending encrypted messages. The bits and pieces he could gather about this track made it imperative that he tag this source, whoever it was. But he had no access to Yahoo to begin with.
He called his good friend Thankavel Natarajan in Singapore.
To be continued