was successfully added to your cart.

Bollywood Scandal with a Technology Twist !!

By | Cyber Bullying | No Comments


As a person who deep dives into hard tech such as networks, never had I visualized that I will concern myself with a celebrity scandal. But here I am curiously following up and getting annoyed to no end by the technology inaccuracies being reported in media about the infamous Kangana Ranaut and Hrithik Roshan Saga. For uninitiated, a top Bollywood actress (Kangana Ranaut) has accused a top Star (Hrithik Roshan) of publicly circulating the personal information shared over private emails. He is countering saying that the email is an impostor account. One can read all about it in various tabloids, but in this article, in we will be in “Sheldon Cooper Mode” and will focus on the tech part.

So first things first, the alleged crime (committed both for the impostor if any or the accused), is defined in IT Act 2008 (http://www.cca.gov.in/cca/?q=it_act_amendment.html) which clearly states the transmission of such personal images is punishable by imprisonment of .  Below is the relevant excerpt,


66E. Punishment for violation of privacy. (Inserted Vide ITA 2008)
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both Explanation.
– For the purposes of this section —
transmit means to electronically send a visual image with the intent that it be viewed by a person or persons;
(b)―capture‖, with respect to an image, means to videotape, photograph, film or record by any means;
(c)―private area‖ means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
(d)―publishes‖ means reproduction in the printed or electronic form and making it available for public;
(e)―under circumstances violating privacy‖ means circumstances in which a person can have a reasonable expectation that—
(i)he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or (ii)any part of his or her private area would not be visible to the public, regardless of
whether that person is in a public or private place.
Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to two three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
67 A. Punishment for publishing or transmitting of material containing sexually explicit act,etc. in electronic form (Inserted vide ITAA 2008)
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –
(i)the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science,literature,art,or learning or other objects of general concern; or
(ii) which is kept or used bona fide for religious purposes.


Now to the email part; How does one establish that a particular account belongs to an Individual ? It is a hard thing to do, specially if the criminal is tech savvy has taken lot of precautions to make sure he isn’t tracked.  Keeping aside the non tech methods that law enforcement officials effectively use, many tools are at Law enforcement agencies disposal.

Step by step process in a typical scenario would be this,

  1. Track the IP address of the email address:  Take a copy of the header of the mail. google to know how to get the headers of a particular email. Very simple steps but it is different for different providers such as gmail, outlook, hotmail etc.  Run the header through a tracer tool. There are many free Internet tools to do this. Some are listed below, purely based on the google rank they show up (It is fairly low tech so its ok to use any one)




In some cases you will find the IP address straight away. But now a days due to email server proxies it traces back to providers location (For example Mountain View for Gmail). However once law enforcement officials request for it, email providers such as google are obligated to provide the real IP of the end point and hence you can trace the person (In some cases you may need to get this from ISP or internet providers as well).

In some cases  though criminal may use spoofing software or desktop proxies that will fake the IP address and will make it impossible for the law enforcement officials and the providers to identify the correct IP. In such cases step 2 is the way to go.

  1.  Engage the person and send spying attachment to the email id.

This needs to be done in collaboration with the law officials. Usually spying software is nothing but some script which read more identifiable information from the endpoint (laptop, desktop etc) and transmits it back to the sender.  This information then can be used to identify the real person/IP behind the proxies. Many such scripts are available easily online.

  1. Deduction : If enough emails are available, many analytical techniques may be employed to determine the geography,time etc and can be matched with the known movements of the accused.
  2. Writing Style Analyses : This is probably the most technologically advanced but not so well developed technique yet. Writing styles can be matched with software to establish the likelihood of the accused sending the email.
  3. Forensic analyses of the Devices (provided they are physically intact). Deleting and formatting will not really delete the content and is available for recovery by forensic tools.

There are some more advanced techniques based on the content (such as pictures) but that is for another article. In general it is a combination of the steps above which will determine with accuracy of the outcome. I am eager to see what they find with the hope that media reports it accurately. But most likely this will be out of court settlement thus my tech quest may as well end here.


“Cross the Bridge when it comes” – hurting Digital Consumers ?

By | Cyber Bullying | No Comments

Through this blog I have been suggesting many preventive methods for all sorts of digital usage. However recent news reports such as this http://tinyurl.com/jydguqk are shaking the foundations of preventive practices by consumers. In this news article many bank account holders was robbed by a hacker diverting money into a wallet. Normally such hacks are done by a mixture of social engineering (fraudsters posing as bank folks and calling consumers for the OTP) and some data gathering. In this case though no such effort was made. In the social engineering cases though, the banks put the burden on the consumers, although in many cases the consumers have no clue about digital awareness. In the latter cases at least there is bit of solace as banks take the burden. Since many systems and disparate companies are involved (laptop providers, internet providers, telecom providers, banks, telecom equipment providers) and the hack could be anywhere, it is easy to pass the buck around.

Dilbert-Buck-Passer 2

There are many systematic issues which lead to this state. The general thinking when it comes to security measures, is to do the minimum possible to avoid the regulatory pressures. For many large corporations ROI on the investment becomes a paramount importance. Startups are even worse because traction and growth are more important than inconveniences of security.

But the most dangerous aspect of this whole thing is the unprecedented growth of digital proliferation without any effort on creating awareness about safety measures. Whose job is this ?  Government’s ? Company’s ? or Users ? Question’s to be answered are,

  • Should companies provide method for opting out of online mode ?
  • Should awareness exercise be mandatory ?
  • Should there be consumer insurance ?
  • Who should carry the burden of proof with respect to hacks ?

Hope regulators wake up and provide clarity on this !!