Police could trace the IP address used to send the email to the Saltlake cyber café but they failed to identify the person who has sent the email.
Status: Investigation is on
Fake / Fraud email:: inside
With the mushrooming of web based free email provider, it takes less than 3 minutes to create & own an email account. Surprisingly there is no system in place to check the authenticity of the data provided during the creation of the email account. End result we have a system by which you can walk into any of the cyber café in the country create an email account send few email to the media houses in the country with a subject line “BOMB Planted in ABC School/College/Office” & walk out, without having to worry that one can trace the email back to you.
Why can’t we trace these culprits?
Hurdle 1 - Unlike PCO booth where one will have unique phone no. for all the machines/handsets, in a cyber café all the computers shares a one (in some case two or three at max) IP address to connect to Internet. As there is no centralized record keeping or a log system in most of these café’s it becomes almost impossible to locate which computer in the café has accessed which site & at what time.
Hurdle 2 – If one had a log system to locate the access of a particular site from a particular computer at particular time. The Herculean task will be to identify the person who was using the computer at that point of time.
Hurdle 3 – With different time zone is in use in the globe, it becomes difficult to ascertain the time in which the email was actually sent. The café which uses the service of a local ISP will have a setup for a different time zone, whereas the web based portal from where the mail was sent can have different time zone. The receiving email server may be in a different time zone. For an investigation officer it becomes tedious job to identify the actual time of crime.
Hurdle 4 - Technical glitch, this is the mother of all problems; there are websites which allow users to hide their IP address. With the help of one of this web site one informed/learned user can send an email sitting in Kolkata which will be traced back to some cities in Nigeria or North Korea. Unless one gets active help from these countries it will be an impossible task to catch the sender.
The e-mail protocol (SMTP) has no authentication by default, so the con person can pretend to originate a message apparently from any e-mail address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an e-mail originates. But still there are plenty of SMTP servers in the world available which can allow unauthenticated email.
What investigation authority did was issued an order for all cyber café in the city to record usage of their computers by keeping a record for all customers, their name, address, in time, out time & computer used. All cyber café’s are asked to check a valid photo identity proof for the prospective customer before allowing them to use the café facility.
A welcome initiative, but what they have not notice is, there are few other not so public place from where one can send the similar email & still will go untraceable. These places can be any place where more than one person uses a single computer to access Internet without proper authentication or log system. Example: Computer labs in educational institutions. Computers in office or work places.
Prevention:
- Accountability: one has to be accountable; it may be a cyber café, office or an educational institution one has to be accountable for the usage of internet in their premises.
- CERT (Computer Emergency Response Team) in India has to come up with some solution how to tackle with anonymous proxy sites in India.
- One needs to go through the email header carefully for any kind of doubt on the mail content.
- People need to be informed about the possibility of fake/fraud email messages.
- Proper log keeping at various level, so one can cross check.
Time has come that we start taking email account creation a bit seriously & start proper verification proceedings or some referral system by which one can trace the physical person through an email id.
2 comments:
thanx for providing such a good information.......
atleast now i know how we can do something and police will not reach us or atleast what problems they will be facing.........
hehehe...ok ok jokes apart......it was a really good content for us.
i think today there are thousands of ways to create such type of blunders.but for making puncher in some one's mind,i think fraud e-mailling is the populest medium.why???? because it is the easist way and you are always sure that no one can trace you!!!!
## if we talk about the fraud mail,there must be some solid proof of urself while creating your email id,like ur pan card no.,ur bank accnt no.(as most of us have atleast one account in any bank)or any thing else.
##the second way may be to control internet cafe.each n avry person who is going to take an internet connection must be provided such type of warning that if some thing happend then he/she will be FULLY responsible for it until he/she dont hav full information about the user useing his/her system.i think this will make each cafe owner much attentive.
i know that this is like a drop of water for forest fire,but the main issue is that person who is going to use internet is how much aware of its risks.but who cares we go for orkuting or facebook or chat only!!!
my view is that if we know that how serious is this, then we must tell it to others also...and this is only the way to get rid of this problem.
Post a Comment