07-31-2008, 04:00 AM
<b>
Tech-savvy cyber crooks could steal your Net identity</b>
Anand Parthasarathy
Technology exists to prove a malicious e-mail did not originate from your PC
Bangalore: When several television channels received e-mails last week claiming credit for the bomb blasts in Ahmedabad on behalf of an outfit that called itself the Indian Mujahideen, the police traced the mail through an IP, or Internet Protocol, address to the e-mail account of a Navi Mumbai resident. Many of the same channels wasted no time to flash headlines that suggested that an American national was somehow involved in the âterror mail.â
The police, under pressure to âshow resultsâ and in many cases hampered by an insufficient understanding of how such technologies work (and how they can be misused), have also not been averse in similar situations to rush to judgment. The argument being advanced in such cases in India seems to be: âThe Internet Service Provider (ISP) has stated that this e-mail was sent from your e-mail account. So you must have sent it.â
No relief
The onus is then on the e-mail account holder to prove otherwise. If you are an average non-tech-savvy user â as are most of us â that is not easy to do. The law as it is being applied in India to such âcyber crimeâ is merely an extension of the principle that one is responsible for actions that take place under oneâs roof.
The Information Technology Act, 2000, provides no succour to innocent victims of cyber-savvy Net criminals indulging in what is known as identity theft â stealing your e-mail ID and sending mails that seems to have emanated from you. The Act has not highlighted the fact that unlike a physical entity like a house, you may not be in sole control of your PC â particularly one that is âalways onâ â connected to the Net by a broadband connection, as so many lakhs of Indian machines are.
Net Security products sold by leading players may claim to insulate your PC from viruses, spam (junk mail) phishing (attempts to steal personal data such as passwords) and identity theft. The truth is, makers of such products have to play a non-stop game of âcatch upâ with the cyber criminal. A determined attacker will get past your firewall â especially the mass market products most of us use.
Vulnerable
The sad fact today for most of us lay e-mail users as well as corporates is that we are vulnerable to anonymous attacks which assume our identity to perform malicious acts. But there are a few technology facts that PC users and e-mail account holders need to know, to prove their innocence in the event their accounts are hacked: The IP address of the originator that the ISP has logged with every e-mail sent or received â and which is the first clue law enforcers seek â is not the only âsignatureâ on the impugned mail. If your PC is connected to the ISP through a cable broadband connection or even wirelessly in an apartment complex or hotel, it must pass through a network card in your machine â it could be a network router or a wireless card or even a modem attached to an ethernet port.
This âgatewayâ on your PC has a unique MAC, or Media Access Control, number which is, in effect, the âaddressâ of your physical machine.
You can easily obtain the MAC number of your Network card or modem: In Windows PCs, click on the âRunâ command and type âcmd.â This will open the black screen of the older âcommand modeâ that PCs used 15 years ago.
Exclusive to machine
Type âipconfig/allâ at the winking cursor. The screen will fill with a page of numbers that is in effect the full âhoroscopeâ of your PC, including the infamous IP address the police rely on â and something called physical address ... 12 digits or letters, two by two separated by dashes. This is your MAC number. If someone hacked your e-mail account and sent a mail in your identity, it will bear your IP address. But the physical address is something unique to your physical machine. Unless a mail was actually sent from your PC, it cannot bear this number.
Lay users have a responsibility to see their PCs are not misused. But that can rarely happen in a home situation. Once you have secured your PC physically, the MAC number will help you prove mails sent by hackers did not originate from your machine. That is the status today... till hackers come up with something new against MAC numbers.
Paying a price
Sadly, ISPs are not sharing this basic information with customers â or circulate it widely among law enforcement agencies, who could save themselves some pointless sleuthing and save innocent citizens the trauma of negative publicity.