Paranoid IT “Experts”

Today, on IRC, Arjun linked me to an article titled ‘Be Careful While SMSing Obscene Jokes‘ on the Daijiworld website. I’m no “expert,” but some of the stuff on the article made me wonder. First, I wondered; then, I cursed; then, I wondered some more. Here are some excerpts:

Think twice before you SMS that really funny obscene joke or blindly forward a photograph - you could land yourself behind bars or unknowingly act as a conduit for a terrorist gang, warn IT experts.

I can just imagine the elation mobile network people are going to feel when they read this.

“Terrorists use the Internet for achieving their goals. An innocent man may be unknowingly drawn into the terrorist network, when he receives a photograph of a beautiful woman from a stranger, who then asks him to forward it to 21 friends to win a prize,” Vijayshankar, consultant, Cyber Law and Techno Legal Cyber Security, said.

“The photograph could contain a hidden terrorist message encrypted within,” he said. The attack on Parliament was linked to hidden messages SMSed to various people in the garb of a beautiful photograph of leading Indian actress, he said.

Wow! Steganography! The plot thickens. However, I have a couple of questions:

1. Let us assume the photo is first sent (presumably using MMS) by terrorist #1, with the intended targets being terrorists #2 through #10, spread across the country or state. Now, terrorists don’t strike me as people who just sit around and wait for something to come their way. They have people to kill, shit to blow up, and imaginary gods to appease, man. In such a case, is it really worth a terrorist’s time to send off the first MMS and then just sit around hoping that a completely random network of dumb MMS users will expedite the process and deliver the message to terrorists #2 through #10? Is this really the very best they can do?
2. Do they have the resources and permission to trace the path a particular message took from beginning to end? If they do, doesn’t it sound vaguely similar to “invasion of privacy”? Hey, I’m not against the suspects being monitored and searched, but in the case of terrorist #1 -> 10,000 idiot with cellphones -> random terrorist, that’s a lot of mobile inboxes being raided and watched by Big Brother. Is this acceptable?

Also, I tried Googling for ‘parliament+attack+steganography’ and all but the first link were inconclusive. Here is what the first link, a page on ‘The Tribune’ website, had to say:

The suspects of the Parliament attack have been reported to be possibly connected with the Al-Qaida network. As mentioned earlier, WTC attackers are suspected to have used steganography as one of the mediums of information exchange. They are also said to be associated with Al-Qaida, hence the importance to study this aspect.

So, they have been reported to be “…possibly connected with Al-Qaida,” who are “…suspected to have used steganography as one of the mediums of information exchange.”

This article doesn’t sound half as sure about the whole thing as “Vijayshankar, consultant, Cyber Law and Techno Legal Cyber Security” does.

Here’s another pearl of wisdom:

“Hence, one should not forward messages received from unknown persons,” says Vijayshankar, who is part of the IT Professionals’ Forum (ITPF) group which is organising a web seminar on June 29 on www.itpfindia.org to warn people on cyber crimes.

Isn’t that like saying, “one should not eat yellow snow”? People dumb enough to do that have no right to wield a mobile phone, or anything at all for that matter. Mr. Vijayashankar, you just might have qualified for a spot on the YAAFM section of ZipperFish. I hope you and your friends at the ITPF get ripped off for all you’re worth by an 11-year-old script kiddie from Albania because, well, you fucking deserve it, you paranoid numbskulls.