
Electronic Surveillance

Organized crime around the globe has lived up to its reputation for sophisticated methods by using wireless communications to cover the tracks of illegal gambling, kidnappings, money laundering and other crimes. Babloo Srivastava used a cellular phone to continue kidnappings and extortion from the safety of his cell in Tihar Jail. Terrorists are also unwelcome beneficiaries of wireless communication.

Today the scenario has completely changed. On the one hand, the scope of criminal activities has attained tremendous proportions and on the other, a number of electronic gadgets are available for communication. These may be broadly classified as follows:

- Telephone
- Mobile Phone
- Internet

- Primary duty of Police: prevention and detection of crime
- For this, various methods of surveillance over suspects/known criminals are used
- Interception of written and voice communication is one of the oldest methods of surveillance
- In the cyber age: electronic forms of communication
- Criminals and terrorists are using SMS, e-mail, chatting and VoIP
- Also using encryption techniques to avoid interception
- Terrorist organizations like Al-Qaeda, Hamas and Hezbollah are using computer communication with encryption tools like steganography
- Task of Police becoming difficult with usage of computers and availability of encryption tools
- Demand for e-surveillance, i.e. surveillance over internet traffic

Global System of Mobile Communication

[Figure: network layout. Labels: Base Trans Receiver Station (BTS), Base Station Controller (BSC), Mobile Switching Centre (MSC), HLR, VLR, EIR, AUC, Public Switched Telephone Network (PSTN)]

Division of A City in Cells


Concept
- Mean Reuse Distance (MRD): 4.6 x radius of the cell
- Cell radius: 1.6 km in cities, 16 km in rural areas
- Cell radius depends on the number of users as well as the topography of the cell area

This concept of MRD can be extended to the whole country and, ultimately, the whole world. Every cellular operator typically gets 840 frequencies in a city. Normally 800 are used for voice communication and 40 are used for control channels.

Grid Map of the City and Cell ID


[Figure: grid map of Moradabad. Labels: cell direction 0°, 120°, 240°; 1 km]

Tower based on:
- Number of subscribers
- Density of population

* Omni antenna in smaller city

APPLICATIONS

- CRIMINAL TRACKING
- CRIME INVESTIGATION
- ELECTRONIC SURVEILLANCE
- INTELLIGENCE COLLECTION
- ANTI CORRUPTION INVESTIGATIONS

CELLULAR PHONE MONITORING

- COMPUTERISED PRINT OUT
- CELLULAR TRACKING DEVICES
- IMPLEMENTATION OF LICENCE CONDITIONS IN THE SELLING OF PRE PAID CARDS
- SPECIALIZATION AND DISSEMINATION OF CELLULAR INVESTIGATIVE TECHNIQUES

Cell Phone Tracking

CDR gives us

- IMEI
- Mobile number
- Date of call
- Duration of talk
- Time of call
- Number called/calling
- Incoming/outgoing
- Cell number

Further Insights in the Analysis

- If we know the target's IMEI and he has absconded: the IMEI can be run on the same cellular operator or probable operators to get the new SIM number.
- If the target has changed both SIM and handset (IMEI): the target's base contact numbers (P&T/mobile) can be run on all probable cellular operators to get his new number.
- If the target purchases a new SIM: the cellular operator would provide the application form, the identity proof provided by the subscriber/target and the vendor's address from where the SIM was sold. This is a very important piece of information. Probably the same identity proof would be used for purchasing a new SIM. Therefore, such name and address can be run in the subscriber database of the probable cellular operators and the target's new SIM number can be traced.

New Trends

A criminal takes a Hutch SIM from Delhi and uses this SIM in roaming in Bihar. Now what happens to its incoming and outgoing calls? Incoming calls route through the mother network, so a police party can listen from the Hutch, Delhi switch room. But the voice of outgoing calls can only be obtained from the switch room where the SIM is roaming/attached.

Sharing of info through SMS: the called/calling number, along with the SMS text, can be retrieved by the cellular operator.

Cell Id

- Location within the cell is known
- Lets us know the possible hideouts; need surveillance and intelligence collection to zero in
- Can know if the person is static or mobile; if on the highway, it can be understood
- If the cell number doesn't change from night to early morning, it means that the criminal is staying put at one place
- Frequency of cell id during specific period
- With cell number and time of call analysis, we can estimate his movement pattern
- Even when the cell phone is not in use, the cell in which the mobile is currently available is also known in the HLR
- Last cell where the mobile was switched off is also known in HLR
- Hence should have cell chart of all mobile operators

Tower

- Makes sense to check all communication from the tower before, during and after the commission of crime
- From the mobile numbers found, check and eliminate all innocent numbers by checking on the addresses
- Get a print out of a tower communication and understand
- Can monitor communication from a tower when some criminals are expected to arrive at a particular place

Numbers called/calling

- Know all friends/accomplices
- Check on addresses on land lines and mobile numbers
- Can put them on surveillance

Analysis:

- Frequency of call
- Time of particular calls
- Calls made during the commission of the offence
- Pattern of calling: calls made after receiving call from someone
- Daytime/nighttime calls

IMEI Number

- Remains unchanged for a particular set
- Run the IMEI number and one can get the mobile number of the criminal; then get the CDR

Time of calls

- Day time/night time calls
- Night stay at any place

If criminal changes mobile set...

- Assumption is that he will still call the same numbers; his friends would still be the same
- Check on CDRs of the land lines and mobiles of his friends and estimate the mobile number of the criminal

When we get a criminal's mobile...

- His mobile number
- IMEI number
- His address, if not fake
- Can get his address book
- Get numbers of his accomplices/friends
- Analyse his CDR
- Look for calls made just before the commission of the crime
- Missed calls
- Divert lines

Electronic Surveillance

- Legal Provisions
- Diversion of Phone Calls
- Organizational Issues
- Scientific Analysis of Call Details
- Formalization of Evidence
- Case Studies

Legal Provisions

The U.P. Police Regulation / VCNB

Surveillance of the activities of bad characters is well defined in the U.P. Police Regulation, Chap. 20, Sec. 223-276. The village crime note book (VCNB) is divided into 5 parts. Part V deals with history-sheets of convicted, acquitted or habitual criminals. It was expected of Police to keep surveillance on these categories of criminals.

The Telegraph Act


Definition

Telegraph: Any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images and sounds or intelligence of any nature by wire, visual or other electro-magnetic emissions, Radio waves or Hertzian waves, galvanic, electric or magnetic means

Interception of messages

Any officer specially authorized by the Central Government or a State Government may, in the interest of

- sovereignty and integrity of India
- the security of the State
- friendly relations with foreign states
- public order
- for preventing incitement to the commission of an offence,

order that any message or class of messages to or from any person or class of persons, or relating to any particular subject, brought for transmission or transmitted or received by any telegraph, shall not be transmitted, or shall be intercepted or detained, or shall be disclosed to the officer mentioned in the order. (Sec 5(2))

THE IT ACT, 2000


Definitions:

- Computer resource: means computer, computer system, computer network, data, computer database or software. (Sec. 2(k))
- Electronic form: with reference to information means any information generated, sent, received or stored in media: magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device. (Sec. 2(r))
- Electronic record: means data or record generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. (Sec. 2(t))

LEGAL RECOGNITION OF ELECTRONIC RECORDS

Section 4, IT Act 2000: Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for subsequent reference.

Sections 91, 92, IT Act 2000: IPC (45 of 1860) and Indian Evidence Act (1 of 1872) amended accordingly.

AMENDMENTS TO IPC

"Document" to mean document or electronic record in the following sections:

- 167: Public servant framing incorrect document.
- 172, 173, 175: Production of documents before courts or public servants.
- 192, 204: Fabrication of false evidence.
- 463, 464, 466, 468, 469, 470, 471, 474, 476, 477A: Offences relating to documents.

AMENDMENTS TO THE EVIDENCE ACT

- E-records to be admissible as documentary evidence. (Sections 3, 65A, 65B)
- Provisions relating to proving of digital signatures. (Section 67A)
- Presumptions as to e-agreements; e-records and digital signatures; DSCs; e-messages; e-records 5 years old. (Sections 85A, 85B, 85C, 88A, 90A)

Admissibility of Electronic Records


Section 65B

1) Any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer (hereinafter referred to as the computer output) shall be deemed to be also a document.

2) Following conditions must be satisfied in relation to the information and the computer:

a) the computer was used regularly to store or process information for the purposes of regular activities
b) the information derived was regularly fed into the computer in the ordinary course of the said activities
c) the computer was operating properly
d) the information is derived from such information which was fed into the computer in the ordinary course of the said activities.

Diversion Of Phone Calls

1. Identify the suspect number to be taken on parallel monitoring
   - Exercise discretion
2. Collect ownership details and address from the Service Provider
3. Request Home Secretary for permission for parallel listening under Sec 5(2) of Indian Telegraph Act
4. Once permission is received, request the Service Provider to divert the number on a pre-identified police number
5. Assign police personnel by name for listening
   - For quick responses based on call content
   - For evidence
6. Record all conversations
   - On single line recorders
   - Voice logger systems: computer based automatic systems for recording and retrieval of voice calls on multiple channels
7. Simultaneous transcription of conversations
8. Maintain systematic records of all numbers taken on diversion
9. Inform the service provider to close the diversion when it is no longer required
10. Request the Home Secretary for extension of diversion period beyond one month, if necessary.

Organizational Issues

Management of E-Surveillance

- Form the manpower into self-contained teams
- Composition should include personnel handling sources, e-surveillance, physical surveillance, field craft, formalization
- Necessary resources: 4 to 5 mobile phones, surveillance kits, appropriate vehicles, internet access, money

Call Data Records Contents

Call Type: Incoming or Outgoing
- "IN" or "MTC": Mobile Terminating Call
- "OUT" or "MOC": Mobile Outgoing Call

MSISDN: Mobile Station International Integrated Services Digital Network Number, or simply, the mobile number dialed to reach a subscriber
- Ten digits
- 919810012345
  - 91: 2 digit Country Code
  - 98: 2 digit National Destination Code
  - 10012345: 8 digit Subscriber Number

B Number: Called/Calling number: may be any other network number

Start Time: Starting time of the call in hh:mm:ss, with date

Duration: In seconds

Cell Id: Code of the terminating cell: where call ended. Some operators give originating and terminating cell-ids

Charged Party: Number to which call charges are billed

IMEI

International Mobile Equipment Identity, a unique number given to every single mobile phone, typically found behind the battery. IMEI numbers of cellular phones connected to a GSM network are stored in a database, the Equipment Identity Register, containing all valid mobile phone equipment. It is a 15 digit number: 234567-56-456654-0
- 234567: 6 digit Type Approval Code
- 56: 2 digit Manufacturer Code
- 456654: 6 digit Serial Number
- 0: 1 additional digit, usually 0

IMSI

International Mobile Subscriber Identity

- Each GSM mobile subscriber's SIM is assigned a unique 15 digit IMSI: 404152800227727
  - 404: 3 digit Mobile Country Code
  - 15: 2 digit Mobile Network Code
  - 2800227727: 10 digit Mobile Subscriber Identity Number
- IMSI allows any mobile network to know the home country and network of the subscriber
- Required to locate numbers roaming in other networks
- In case of 'duplicate' mobile number, IMSI will be different

Analysis of Call Data Records

Objective:

- To locate the suspect PHYSICALLY
- To collect information about his activities

Call details highlight contacts of the suspect. Numbers may point to suspect's associates, relatives or victims.

Geographical area wise grouping
- ISD code wise
- STD code wise

Frequency of calls, duration of calls
- These indicate intimacy with suspect. Should be verified with field information.

First and last call in a day
- Some suspects call particular people

Night calls
- May indicate place of stay

IMEI wise groupings


- Indicate the number of handsets being used.
- Many SIM cards may be used on the same handset.
- As handsets are costly, they are not disposed of easily. There are instances where an old IMEI number has figured after 7 months.
- Some suspects use different handsets to talk to different types of contacts. From one IMEI, all family members may be contacted, and from another all associates.

Cell Id wise groupings

- Most frequent cell-id indicates place of stay.
- Late night and early morning calls invariably indicate place of stay.
- Cell Id is indicated only when the user is within the home network, from the Home Location Register.
- While roaming, cell-id is not indicated in CDR.
- During roaming, cell-id is provided by the current service provider network from their Visitor Location Register.
- IMSI is needed to locate a roamer.
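Added example (not part of the original slides): the IMEI-wise and Cell-Id-wise groupings described above, run over a few constructed CDR rows. The column layout, the cell ids and the 22:00-06:00 night window are assumptions made for illustration; real operator exports differ.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample CDR rows (not real data); the column layout is an assumption.
# msisdn, call type, B number, start time, duration (s), cell id, IMEI
SAMPLE_CDR = [
    ("919810012345", "MOC", "911123456789", "2002-11-05 23:40:10", 65, "C101", "234567564566540"),
    ("919810012345", "MTC", "919811000001", "2002-11-06 05:12:00", 30, "C101", "234567564566540"),
    ("919810012345", "MOC", "919811000001", "2002-11-06 14:03:20", 240, "C207", "234567564566540"),
    ("919810012345", "MOC", "919811000002", "2002-11-06 22:55:00", 15, "C101", "234567564566540"),
    ("919810099999", "MOC", "911123456789", "2002-11-07 10:00:00", 20, "C207", "234567564566540"),
    ("919810012345", "MTC", "919811000001", "2002-11-07 16:30:00", 90, "", "111111222222330"),
]
KEYS = ("msisdn", "call_type", "b_number", "start", "duration", "cell_id", "imei")

def parse(rows):
    """Turn raw tuples into dicts with a parsed start time."""
    records = [dict(zip(KEYS, row)) for row in rows]
    for rec in records:
        rec["start"] = datetime.strptime(rec["start"], "%Y-%m-%d %H:%M:%S")
    return records

def sims_per_imei(records):
    """IMEI-wise grouping: the SIM numbers (MSISDNs) seen on each handset."""
    groups = defaultdict(set)
    for rec in records:
        groups[rec["imei"]].add(rec["msisdn"])
    return dict(groups)

def is_night(ts, start_hour=22, end_hour=6):
    """Late night / early morning window; the cut-off hours are assumed."""
    return ts.hour >= start_hour or ts.hour < end_hour

def cell_summary(records, msisdn):
    """Cell-Id-wise grouping for one number. Rows without a cell id (as when
    roaming) are counted apart rather than treated as a location."""
    overall, night, missing = Counter(), Counter(), 0
    for rec in records:
        if rec["msisdn"] != msisdn:
            continue
        if not rec["cell_id"]:
            missing += 1
            continue
        overall[rec["cell_id"]] += 1
        if is_night(rec["start"]):
            night[rec["cell_id"]] += 1
    top = lambda c: c.most_common(1)[0][0] if c else None
    return {"most_frequent": top(overall), "night_cell": top(night),
            "no_cell_id": missing}

if __name__ == "__main__":
    recs = parse(SAMPLE_CDR)
    print(sims_per_imei(recs))
    print(cell_summary(recs, "919810012345"))
```

Rows with no cell id are reported as a count so that a roaming period shows up as a gap to be filled from the visited network, not as a location.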

Call Diverts

- Commonly used by criminals to avoid interception
- Details required from the Service Provider

Call Conferencing

Check: Start Time < Start Time+ Duration

Don't Ignore Single Calls !

- Invariably, the first call after purchase of a new SIM card is made from the current handset. The handset may be changed afterwards, but the CDR of this new SIM will give the new IMEI number.
- First outgoing to a landline/mobile
- First incoming from a landline/mobile

Service Provider Interface

- Diversion of phone calls
- Details of Call Diverts
- IMEI runs on different networks
- Telephone number runs in CDRs
- Physical area identification by Cell Id
- Cell Id location, even while roaming, by IMSI
- Any other information

The PCO Drill

Collect the following details from the PCO:

- Calls made by suspects to any other numbers:
  - Preceding and succeeding calls, from all lines of the PCO
  - Bill paid by the caller, to identify other dialed numbers
- Physical description of callers
- Any vehicle used by callers

Mount physical surveillance on frequently used PCOs.

Formalising The Evidence

While writing the case diaries the following must be included:

1. Letter to Home Secretary requesting permission for parallel monitoring
2. Permission of the Government
3. Letter to Service Provider requesting diversion
4. Names of police personnel entrusted with the job of hearing, recording and transcribing the conversations
5. Date and time of conversation
6. Transcript of conversation
7. Certificate of responsible official in charge of the process
8. Call details of the suspect number and other correlated numbers issued by the Service Provider
9. Statements of officials of Service Provider Organization issuing the call details
10. Request to court for voice sample of the suspect
11. Report of the forensic laboratory

Case Studies

Prateek Deewan Kidnapping Case

Prateek Deewan, a student of Class 11 studying in Dehradun, was kidnapped on 01 November, 2002 while traveling from Dehradun to Delhi in a Qualis. The dead body of the driver, bearing bullet injuries, was recovered from the highway the next day. For the first two weeks the kidnappers made ransom calls using different mobile numbers from Ludhiana, Amritsar, Delhi, Jodhpur, Baroda and Meerut. A ransom of Rs. 2.5 Crore was demanded.

An email from a rediffmail account was received demanding ransom. The ISP was requested to provide details of the IP address of the originating email. The physical address was located to be in Bombay. A team was sent to Bombay. The kidnappers created a different email-id on yahoo.com and instructed the family of the victim to chat on Yahoo! Chat.

While the chat was continued, the ISP provided details of the IP address and physical address of the suspect. It was a cyber café in Bombay. The STF team arrested the accused red handed while chatting from the cyber café. On interrogation the accused revealed the hideout where the victim was kept. The victim was rescued and all accused were arrested on 02 December, 2004.

Electronic Surveillance needs to be complemented appropriately by matching field work and physical surveillance for achieving the targets physically.

QUESTIONS
