Indian Mujahideen Exploit Internet Security Weaknesses in Bombing Attacks

Andrew McGregor

September 18, 2008

A lengthy email statement claiming responsibility for the September 13 bombings in New Delhi that killed over 30 people and wounded over 100 more was issued minutes before the attack began.

The 13-page Indian Mujahiden (IM) email (which included video and graphics) was sent to various TV stations from (al-Arbi = “The Arab”), the same address used in the IM statement that accompanied the July 26 Ahmedabad bombings. IM is believed to be a front for the radical Students Islamic Movement of India (SIMI).

The IM message informs the Indian government that the movement will “make you face the disastrous consequences of the injustice and oppression inflicted upon the Muslims all over the country… We will continue to punish you even before your earlier wounds have healed.” The bombings are intended to “prove to you the ability and potential of [the] Indian Mujahideen to assault any city of India at any time.” The Delhi bombings are described as “a tribute to all our brethren martyrs in Kashmir.” The authors included a challenge to Indian police: “Do whatever you want and stop us if you can” (Times of India, September 14; The Hindu, September 14).

Within hours of the New Delhi attack Indian investigators arrived at the originating point of the email, the offices of Kamran Power Control Pvt Ltd, located in the Chembur suburb of Mumbai, where they began searching through the company’s computers for evidence (Times of India, September 14; The Hindu, September 14). The 25-year-old firm manufactures electronic control panels for industrial use. It was eventually determined that the email’s author had hacked into the company’s wireless network.

The Mumbai firm’s wireless network was unsecured, making it a simple task for IM to hack into it. The Indian government has been slow to develop cyber-crime legislation and internet security provisions and software are widely ignored. A New Delhi-based internet security firm estimates that “Ninety-nine percent of people [in India] don’t know how to secure their wireless connection, even big companies” (Economic Times [India], September 14).

This is the third time IM has hacked into a computer’s wireless internet connection to make a claim of responsibility in a terrorist attack. The IM leadership is believed to include several IT experts, including its leader, former software engineer Abdul Subhan Qureshi, and a computer graphics designer from Gujarat named Qayamuddin. An email claim of responsibility for the July 26 blasts in Ahmedabad was traced to the Mumbai computer of an American national who was cleared of any role in the case after it was determined his WiFi connection had been hacked. The last three IM email messages have all come from Mumbai, thought to be Abdul Subhan’s base (Times of India, September 14). Besides the Mumbai-based Subhan, a number of other leading members of SIMI are believed to operate from Gujarat and Madhya Pradesh states. IM emails are typically sent only five minutes before a bombing, allowing no time to take preventive measures. The IM bombs are usually planted in areas of dense activity, with shrapnel and ball-bearings included to insure maximum casualties.

Indian authorities believe that the authors of earlier IM email manifestoes, cleric Abdul Bashir Qasmi and Lucknow businessman Shahbaz Husain (a.k.a. Guru al-Hindi), are now under detention. Though the latest statement was co-signed by Abdul Subhan and Guru al-Hindi, the electronically reproduced signature of the latter differs from earlier examples (The Hindu, September 14).

This article first appeared in the September 18, 2008 issue of the Jamestown Foundation’s Terrorism Monitor