Indian Defence Review

ISIS Twitter Handler Mehdi Masroor Biswas

While no definition of terrorism has been still not been accepted, the US had come up with the term “violent terrorism”. Even within the US hate crimes have been brought into the ambit of terrorism just recently. But coming to violent terrorism, did it imply that ‘latent’ terrorism was acceptable till an act of violence was physically committed? The Sarin Gas attack on the Tokyo Subway on 20 March, 1995 was an act of “violent extremism” perpetrated by members of the Aum Shinrikyo cult. In five coordinated attacks, Sarin was released on several lines of the Tokyo Metro, killing 13, severely injuring 50 and causing temporary loss of vision to some 1000 people. The Cult actually had two remote controlled helicopters and had even smuggled in a Russian Mi-8 helicopter part by part. Had they used aerial spraying, they had enough Sarin to kill one million people. Could you classify members of this cult, non-violent terrorists before the actual Sarin attack? Can we differentiate between or classify ‘good’ (non-violent) and ‘bad’ (violent) terrorists? Isn’t that the very reason that radicalization has multiplied exponentially in regions where the so called ‘wars on terrorism’ have been waged.

But this is about ‘virtual terrorism’ which by no means is a new phenomenon. That cyberspace was freely used for recruitment, planning, coordinating and funding the 9/11 attacks is well known. In 2012, the US feared Al Qaeda turning its destructive attention to cyber-warfare when through a video message an al Qaeda operative called for ‘electronic jihad’ against the US, comparing vulnerabilities in vital US computer networks to the flaws in aviation security before the 9/11 attack. The video called for ‘covert mujahidin’ to launch cyber attacks against US government networks and critical infrastructure including the electric grid. The US national security community assessed the threat of cyber attack was real, and the gap between terrorist aspirations and capability was closing.

US intelligence officials assessed Al Qaeda could even ‘purchase’ such capabilities to do so from expert criminal hackers. Incidentally the US Department of Homeland Security received more than 50,000 reports of cyber intrusions or attempted intrusions between October 2011 and May 2012, an increase of 10,000 reports over the same period the previous year. All this led to fears of devastating attack on the electric grid, water delivery systems and financial networks, calling for new legislation to protect critical networks necessary to protect national and economic security, urging the Senate to act on the bipartisan Cyber Security Act that requires minimum security performance requirements for key critical infrastructure cyber networks.

Global attention appears to have become more focused on virtual terrorism because of the phenomenal rise of the ISIS, India too having been jolted by discovery of the ISIS twitter account operator ‘Mehdi’ alias ‘Shami Witness’, first discovered and reported by Channel 4 News of UK. Mehdi Masroor Biswas, an engineer working as manufacturing executive’ with a Bengaluru-based multinational company for an annual package of Rs 5.3 lakh, has confessed he was handling the pro-jihad tweeter “@ShamiWitness” for past several years. He became a source of incitement and information” for the new ISIS recruits and was particularly close to English-speaking ISIS terrorists. Investigations have revealed Mehdi was interested (probably directed by ISIS) in the Eastern Mediterranean region; Cyprus, Israel, Jordan, Lebanon, Palestine, Syria and part of Southern Turkey from 2003 onwards. Through his social media propaganda, Mehdi abetted ISIS in its agenda to wage war against Asiatic powers.

As per Channel 4, his tweets, written under alias Shami Witness, were seen two million times each month, making him perhaps the most influential ISIS Twitter account, with over 17,700 followers. On Twitter, his account was reportedly also followed by jihadist fighters and Middle East analysts. In a statement to Channel 4 prior to his arrest in India, Mehdi said he is a soldier (read of ISIS) and has not waged war against India. He also said he is in contact with British jihadis and announced that he believed in beheading. In a bid to motivate radicals, Mehdi had posted the video of US aid worker Peter Kassig’s beheading several times on his account. Interestingly, Channel 4 reported that his Facebook account was markedly different and had routine updates about dinners and work parties. Mehdi’s this Twitter account has been shut down following these reports.

Significantly, Twitter India when questioned, responded thus, “We do not comment on individual accounts, for privacy and security reasons. We do not proactively monitor content on the platform. We review all reported accounts against our rules, which prohibit direct, specific threats of violence against others.” It is also possible that the false news of rapes and photos posted on social media one year back of homes attacked and burnt that forced the exodus of northeast youth working in Bengaluru and Delhi was handiwork of Mehdi or other radicals. Similarly, the Whatsapp message purportedly by a young officer post the recent terrorist camp on an army camp in Uri may well have been by radicals aimed at creating dissension in the army’ rank and file.

The above raises two vital questions, particularly with possibility of other such handlers working on behalf of the ISIS or other terrorist organizations and a former NSA stating that more than 100 individuals are involved in Mehdi like activities: first, do we have the wherewithal to holistically monitor such activities considering the enormity, and; second, do we have the necessary legislation to take requisite action against such individuals or will it get glossed over under ‘free expression in democracy’ in absence of direct threat? These issues also need to examined in the backdrop that though Twitter, like most social networking sites, prohibits activity if users publish or post direct, specific threats of violence against others but the problem is that doesn’t actively monitor the content in search of the above threats. Instead, such social media relies on users to report in case they notice violations to the rules.

Hence, terrorists can take advantage of social networking sites even through applications like games that are normally developed by third parties and whenever you add an application; you are granting it access to your account. That ISIS recruits from India were recruited through social media is now well known but even earlier NIA had reported IM cadres had been using proxy servers and complex code to chat: setting up email accounts that disappear if they not accessed in 24 hours, proxy servers to camouflage geographical location, encrypted files and complicated code language; use of  US-based Yahoo Inc, Paltalk Inc, Sophidea Inc and Hurricane Electric, plus providers in Nepal, Canada and Ireland; IP address of Nimbuzz chat traced to Pakistan Telecom Company Ltd and others traced to France, Germany, Netherlands, Nepal and India. Additionally, Riaz Bhatkal and his close aides are known to run a hi-tech command centre in Karachi to communicate with terror cells in India and Nepal, and possibly even Maldives in Sri Lanka and Bangladesh

Ellyne Phneah, In an article titled ‘India government reportedly monitors Web activities, without ISP knowledge’ dated 9th September 2013, , wrote that the Indian government is said to have deployed ‘Lawful Intercept and Monitoring’ systems to track internet activities of citizens, separate from similar systems used by telcos in the government’s Central Monitoring System project. The article stated, quoting  ‘The Hindu’, that Lawful Intercept and Monitoring (LIM) systems had been deployed by India’s Center for Development of Telematics (D-DOT) to monitor Internet traffic, e-mails, Web browsing, Skype and other Internet activities by Indian citizens and that the systems are fully owned and operated by the Indian government, unlike similar systems deployed by local Internet Service Providers (ISPs) which have to comply with Indian Telegraph Act and Rule 419(A) of the country’s IT rules. The LIMs were said to have been installed between the edge router and core network, and had 100 percent indiscriminate access to the online activity of the country’s 160 million users, also having an “always live” link so it can be operated without legal oversight of ISP knowledge. However, Indian media reports of June 2013 had stated that the government was appointing a Coordinator to preside over the new inter-agency structure for cyber security and that this body would rope in the ISPs. This new architecture, cleared by the CCS in Jun3 2013, envisaged an interconnected set of organizations in key departments like NTRO, MoD, MHA, while CERT would remain the umbrella body to oversee cyber protection. A key aspect of the architecture is that the government will work with ISPs to oversee metadata of Indian users but not ‘mine’ the data.

In light of the cancerous spread of the ISIS, a non-governmental initiative termed Counter Extremism Project (CEP) was recently launched in the US, ostensibly with Israeli assistance to confront the growing threat from ‘extremist ideology’. CEP seeks to refute social media messaging, compile world’s biggest database of extremist networks. This is in sharp departure from the erstwhile US policy where the GWOT was launched against primarily Al Qaeda and later the Taliban. The CEP would augment the US NSA already heavily committed albeit the latter faced heavy criticism in recent times for snooping globally under the ‘Prism’ program. Participation of the private sector is also essential because of the magnitude of the issues involved. CEP has been launched as a private sector organization that describes itself nonpartisan in its efforts to combat extremism. Its goals include compilation of the world’s most exhaustive database on extremist groups and their networks, and places unmasking the funding sources for ISIS high on its list of immediate priorities. Though the CEP is a non-governmental organization, it plans to work with governments including US government and will exploit the internet to, mobilize social media to counter extremist ideology by exposing the threat of extremists and mounting a global counter narrative.

Specific to ISIS, it will also target financial support extended to the terrorist group, plus find out how the ISIS is managing to sell oil, identify which entities are buying oil from ISIS controlled wells to enable blocking these conduits. The important point to note is that the private sector has not only a role, but a responsibility, and this is something which should be a national movement in India, not left merely to government organizations like the NTRO, CERT and NIA but to supplement their effort. Considering the magnitude of the problem, India definitely needs public-private partnership to counter virtual terrorism. In addition to integrating ISPs for internet monitoring, India also needs to look at establishing a set up like the CEP, in addition to critically examine the legislation required to effectively counter virtual terrorism, the definition of which will likely remain as ambiguous as terrorism itself.

In terms of cyber security, the Indian government has been endeavoring to facilitate the private sector in setting up cyber security infrastructure, auditing performance, implementing global best practices, training of professional etc but it needs to speed up. It would also be prudent for India to take a few leads from China on the aspect of cyber security. A top level Chinese IT company like Tencent (qq.com) established only in 1998 has been listed number 4 of 100 top internet companies by Forbes. It offers equivalents of Skype, Facebook, Twitter, Amazon, Microchat, Wizard, Google, Gaming etc and claims improvement over Twitter. It’s V-chat (equivalent of Whatsapp) being used in 200 countries. It earns 50 percent of money through its Gaming application.

The point to note is that such indigenous systems make it much easier for China to monitor web activity. Then China has implemented IPv6 internet protocol which is not only more secure but also makes it easier to hide certain information through encryption that is not possible under the current IPv4 used in India. China is producing its own hardware and software. China’s ministry of Public Security (MPS) supports: information security research; certification of commercial sector products for use in PRC government systems; control of commercial information security companies, and; funding of academic grants for research for subjects of interest to MPS. Finally are  China’s IW militias that reportedly employs over 60,000 hackers. India needs to encourage and integrate similar ‘hacker clubs’ in view of the enormity of challenges of virtual terrorism.