8/2/2019 360477_634055450599150000

1/60

Electronic Surveillance

8/2/2019 360477_634055450599150000

2/60

Organized crime around the globe lived up toits sophisticated methods by using wireless

communications to cover tracks ofillegalgambling, kidnappings, moneylaundering and other crimes.

Babloo Srivastava used a cellular phone tocontinue kidnappings and extortion from thesafety of his cell in Tihar Jail.

Terrorists are also unpopular benefactors ofwireless communication.

8/2/2019 360477_634055450599150000

3/60

Today the scenario has completelychanged. On the one hand, the

scope of criminal activities hasattained tremendous proportionand on the other, a number of

electronic gadgets are availablefor communication. These may bebroadly classified as under

Telephone Mobile Phone

Internet

8/2/2019 360477_634055450599150000

4/60

Primary duty of Police: prevention and detectionof crime

For this various methods of surveillance over

suspects/known criminals are used Interception of written and voice communication

one of the oldest methods of surveillance In the cyber age electronic forms of

communication Criminals and terrorists are using SMS, E-mail,

chatting and VOIP Also using encryption techniques to avoid

interception. Terrorists orgs. Like Al-Qaeda, Hamas and

Hezbollah are using computer communicationusing encryption tools like steganography

8/2/2019 360477_634055450599150000

5/60

Task of Police becoming difficult with usage of

computers and availability of encryption tools Demand for e-surveillance i.e. surveillance over

internet traffic

Base Trans Receiver Station

8/2/2019 360477_634055450599150000

6/60

Global System of MobileCommunication

HLRMobile

SwitchingCentre

(MSC)

PublicSwitchedTelephoneNetwork

PSTN

VLR

EIRAUC

Base StationController (BSC)BTS

BTS BTS

BTS

8/2/2019 360477_634055450599150000

7/60

Division of A City in Cells

Concept : Mean Reuse Distance (MRD)4.6 x Radius of the cell

Cell Radius : 1.6 Kms. Cities16 Kms. Rural Areas

Cell Radius depends on the number of users

as well as topography of cell area

This concept of MRD can be extended to wholeCountry. Ultimately whole world.

Every Cellular Operator typically gets 840 frequenciesin a city. Normally 800 are used for voiceCommunication and 40 are used for control channels.

8/2/2019 360477_634055450599150000

8/60

Grid Map of the City andCell ID

1. Km.

MORADABAD

Tower Based On- Number of Subscribers

- Density of Population

* Omni Antenna in smaller city

0o Cell Direction

240o 120o

8/2/2019 360477_634055450599150000

9/60

APPLICATIONS

CRIMINAL TRACKING

CRIME INVESTIGATION

ELECTRONIC SUVEILLANCE INTELLIGENCE COLLECTION

ANTI CORRUPTION INVESTIGATIONS

8/2/2019 360477_634055450599150000

10/60

CELLULAR PHONE

MONITORING COMPUTERISED PRINT OUT

CELLULAR TRACKING DEVICES

IMPLEMENTATION OF LICENCECONDITIONS IN THE SELLING OF PREPAID CARDS

SPECIALIZATION AND DISSEMINATION

OF CELLULAR INVESTIGATIVETECHNIQUES

http://surveillance%20equipments.ppt/http://surveillance%20equipments.ppt/

8/2/2019 360477_634055450599150000

11/60

Cell Phone Tracking

CDR gives us IMEI

Mobile number Date of call

Duration of talk

Time of call

Number called/calling Incoming/outgoing

Cell number

8/2/2019 360477_634055450599150000

12/60

Further Insights in the Analysis

IF WE KNOW TARGETS IMEI AND HE IS ELOPED:IMEI can be run on the same cellular operator or

probable operators to get the new SIM number. IF TARGET HAS CHANGED BOTH SIM AND

HANDSET(IMEI):Targets base contact numbers P&T/MOBILE can be run on all probable cellular operators toget his new no.

IF TARGET PURCHASES A NEW SIM: Cellularoperator would provide the application form,identityproof provided by the subscriber/target and the vendersaddress from where the SIM is sold. This is veryimportant piece of information. Probably the same

identity proof would be used for purchasing a newSIM.Therefore, such name and address can be run insubscribers data base of the probable cellular operatorsand targets new SIM no. can be traced.

8/2/2019 360477_634055450599150000

13/60

New Trends A Criminal takes a Hutch SIM from Delhi. Uses

this SIM in roaming in Bihar. Now what happens to its Incoming & Outgoing

calls?

Incoming call route through the mother network

so a police party can listen from Hutch, Delhiswitch room

But voice of outgoing calls can only be get fromthe switch room where the SIM isroaming/attached.

Sharing of Info through SMS

Called/calling no. along with the SMS text can beretrieved by the cellular operator.

8/2/2019 360477_634055450599150000

14/60

Cell Id Location within the cell known

Lets us know the possible hideouts need surveillance andintelligence collection to zero in

Can know if the person is static or mobile if on the highway, it canbe understood

If the cell number doesnt change from night to early morning, it

means that the criminal is staying put at one place

Frequency of cell id during specific period

With cell number and time of call analysis, we can estimate hismovement pattern

Even when the cell phone is not in use, the cell in which the mobileis currently available is also known in the HLR

Last cell where the mobile was switched off is also known in HLR

Hence should have cell chart of all mobile operators

8/2/2019 360477_634055450599150000

15/60

Tower

Makes sense to check all communicationfrom the tower before, during and after thecommission of crime

From the mobile numbers found, check andeliminate all innocent numbers by checkingon the addressesget a print out of a towercommunication and understand

Can monitor communication from a towerwhensome criminals are expected to arriveat a particular place

8/2/2019 360477_634055450599150000

16/60

Numbers called/calling

Know all friends/accomplices check onaddresses on land lines and mobile numbers

Can put them on surveillance

Analysis: Frequency of call

Time of particular calls

Calls made during the commission of the offence

Pattern of calling calls made after receiving callfrom someone

Daytime/nighttime calls

8/2/2019 360477_634055450599150000

17/60

IMEI Number

Remains unchanged for a particular set

Run the IMEI number and one can get

the mobile number of the criminal; thenget the CDR

8/2/2019 360477_634055450599150000

18/60

Timeofcalls

Day time/ night time calls

Night stay at any place

8/2/2019 360477_634055450599150000

19/60

If criminal changes mobileset..

Assumption is that he will still call thesame numbers his friends would still

be the same Check on CDRs of the land lines and

mobiles of his friends and estimate the

mobile number of the criminal

8/2/2019 360477_634055450599150000

20/60

When we geta criminalsMobile..

His mobile number

IMEI number

His address if not fake

Can get his address book Get numbers of his accomplices/friends

Analyse his CDR

Look for calls made just before thecommission of the crime

Missed calls

Divert lines

8/2/2019 360477_634055450599150000

21/60

Electronic Surveillance

Legal Provisions

Diversion of PhoneCalls

Organizational Issues

Scientific Analysis ofCall Details

Formalization ofEvidence

Case Studies

8/2/2019 360477_634055450599150000

22/60

Legal Provisions

h li

8/2/2019 360477_634055450599150000

23/60

The UP.PoliceRegulation/VCNB

Surveillance of the activities of badcharacters well defined in U.P. PoliceRegulation Chap- 20 Sec. 223-276.

Village crime note book (VCNB) divided onto5 parts.

Part-V deals with History-sheets of convicted,

acquitted or habitual criminals. It was expected of Police to keep a

surveillance on these categories of criminals.

8/2/2019 360477_634055450599150000

24/60

The Telegraph Act

Definition

Telegraph:

Any appliance, instrument, material or apparatus

used or capable of use fortransmission or reception of

signs, signals, writing, images and sounds or

intelligence of any natureby wire, visual or other electro-magnetic emissions,Radio waves or Hertzian waves, galvanic, electric

or magnetic means

8/2/2019 360477_634055450599150000

25/60

Interception of messages

Any officer specially authorized by the CentralGovernment or a State Government may, inthe interest of

sovereignty and integrity of India the security of the State

friendly relations with foreign states

public order

for preventing incitement to the commission ofan offence,

continued...

8/2/2019 360477_634055450599150000

26/60

may order that

any message or class of messages

to or from any person or class of persons, or

relating to any particular subject,

brought for transmission or

transmitted orreceived by any telegraph,

shall not be transmitted, or

shall be intercepted or detained, or shall be disclosed to the officer mentioned in

the order.

(Sec 5(2))

http://sec-5%20indian%20telegraph%20act%201885.doc/http://sec-5%20indian%20telegraph%20act%201885.doc/

8/2/2019 360477_634055450599150000

27/60

THE IT ACT, 2000Definitions: Computer resource : means computer, computer

system, computer network, data, computer database orsoftware. (Sec 2(k)

Electronic form: with reference to information meansany information generated, sent, received or stored inmedia: magnetic, optical, computer memory, microfilm, computer generated micro fiche or similar device.(Sec. 2 (r)

Electronic record :means data or record generated,image or sound stored, received or sent in an electronicform or micro film or computer generated micro fiche.(Sec. 2 (t)

8/2/2019 360477_634055450599150000

28/60

8/2/2019 360477_634055450599150000

29/60

AMENDMENTS TO IPC

Document to mean document orelectronic record in the following sections:

167 : Public servant framing incorrectdocument.

172,173,175 : Production of documentsbefore courts or public servants.

192,204 : Fabrication of false evidence 463,464,466,468,469,470,471,474,476,47

7A : Offences relating to documents.

8/2/2019 360477_634055450599150000

30/60

AMENDMENTS TOTHE EVIDENCE ACT

E-records to be admissible as documentaryevidence. (Sections 3, 65A, 65B)

Provisions relating to proving ofdigitalsignatures. (Section 67A)

Presumptions as to e-agreements; e-records

and digital signatures; DSCs; e-messages;e-records 5 years old.(Sections 85A,85B,85C,88A,90A)

8/2/2019 360477_634055450599150000

31/60

Admissibilityof Electronic Records

1) Any information contained in an electronicrecordwhich is

printed on a paper, stored, recorded or copied in optical or

magnetic media produced by a computer

(hereinafter referred to as the computer

output)shall be deemed to be also a document.

Section -65B

8/2/2019 360477_634055450599150000

32/60

8/2/2019 360477_634055450599150000

33/60

Diversion Of Phone Calls

8/2/2019 360477_634055450599150000

34/60

Diversion of Phone Calls1. Identify the suspect number to be taken on

parallel monitoring

Exercise discretion

2. Collect ownership details and address from

the Service Provider3. Request Home Secretary for permission for

parallel listening under Sec 5(2) of IndianTelegraph Act

4. Once permission is received, request theService Provider todivert the number on apre-identified police number

8/2/2019 360477_634055450599150000

35/60

5. Assign police personnel by name forlistening

For quick responses based on call content

For evidence

6. Record all conversations On single line recorders Voice logger systems : Computer based

automatic systems for recording and retrievalof voice calls on multiple channels

7. Simultaneous transcription ofconversations

8/2/2019 360477_634055450599150000

36/60

8/2/2019 360477_634055450599150000

37/60

Organizational Issues

8/2/2019 360477_634055450599150000

38/60

8/2/2019 360477_634055450599150000

39/60

Call Data Records Contents

Call Type: Incoming or Outgoing "IN" or "MTC": Mobile Terminating Call

"OUT" or "MOC" : Mobile Outgoing Call

MSISDN Mobile Station International Integrated Services

Digital Network Number, or simply, themobilenumberdialed to reach a subscriber

Ten Digits 91981001234591 : 2 digit Country Code

98 : 2 digit National Destination Code

10012345 :8 digit Subscriber Number

B Number

8/2/2019 360477_634055450599150000

40/60

B Number

Called/Calling number: may be any othernetwork number

Start Time

Starting time of the call in hh:mm:ss, with date

Duration

In seconds

Cell Id

Code of the terminatingcell: where call ended.

Some operators give originating and terminatingcell-ids

Charged Party

Number to which call charges are billed

8/2/2019 360477_634055450599150000

41/60

IMEI International Mobile Equipment Identity, a

uniquenumber given to every single mobile

phone, typically found behind the battery. IMEI numbers of cellular phones connected

to a GSM network are stored in a database,Equipment Identity Register, containing all

valid mobile phone equipment. It is a 15 digit number:

234567-56-456654-0

: 6 digit Type Approval Code: 2 digit Manufacturer Code

: 6 digit Serial Number

: 1Additional digit, usually 0

8/2/2019 360477_634055450599150000

42/60

IMSI

International Mobile Subscriber Identity

Each GSM mobile subscriber's SIM is assigned a unique15 digit IMSI.

404152800227727

3 digit Mobile Country Code

2 digit Mobile Network Code10 digit Mobile Subscriber IdentityNumber

IMSI allows any mobile network to know the home

country and network of the subscriber Required to locate numbers roaming in other networks

In case of'duplicate' mobile number, IMSI will bedifferent

l i f

8/2/2019 360477_634055450599150000

43/60

Analysis ofCall Data Records

Objective:

To locate the suspect PHYSICALLY

To collect information about his activities

Call details highlight contacts of the

suspect. Numbers may point to suspect'sassociates, relatives or victims.

8/2/2019 360477_634055450599150000

44/60

Geographical Area wise Grouping

ISD code wise

STD code wise Frequency of calls

Duration of calls

These indicate intimacy with suspect. Shouldbe verified with field information.

First and Last call in a day

Some suspects call particular people Night Calls

May indicate place of stay

8/2/2019 360477_634055450599150000

45/60

IMEI wise groupings

Indicate the number of handsets being used. Many SIM cards may be used on the same

handset.

As handsets are costly, they are not disposedoff easily. There are instances where oldIMEI number has figured after 7 months.

Some suspects use different handsets to talk

to different types of contacts. From one IMEI,all family members may be contacted, andfrom another all associates.

8/2/2019 360477_634055450599150000

46/60

Cell Id wise groupings

Most frequent cell-id indicates place of stay. Late night and early morning calls invariably

indicate place of stay.

Cell Id is indicated only when the user is withinthe home networkfrom Home Location Register.While roaming, cell-id is not indicated in CDR.

During roaming, cell-id is provided by the

current service provider network from theirVisitor Location Register. IMSI is needed tolocate a roamer.

8/2/2019 360477_634055450599150000

47/60

Call Diverts

Commonly used by criminals to avoidinterception

Details required from the Service Provider

Call Conferencing Check: Start Time < Start Time+ Duration

8/2/2019 360477_634055450599150000

48/60

Don't Ignore Single Calls !

Invariably, the first call after purchase of anew SIM card is made from the currenthandset. The handset may be changed

afterwards, but the CDR of this new SIMwill give new IMEI number.

First outgoing to a landline/mobile

First incoming from a landline/mobile

8/2/2019 360477_634055450599150000

49/60

Service Provider Interface

Diversion of phone calls

Details ofCall Diverts

IMEI runs on different networks

Telephone number runs in CDRs

Physical area identification by Cell Id

Cell Id location, even while roaming, byIMSI

Any other information.

8/2/2019 360477_634055450599150000

50/60

The PCO Drill

Collect following details from the PCO:

Calls made by suspects to any other numbers :

Precedingandsucceedingcalls - from all

linesof the PCO Bill paid by the caller - toidentify other

dialed numbers

Physical description of callers

Any vehicle used by callers

Mount Physical Surveillance on frequently usedPCOs

8/2/2019 360477_634055450599150000

51/60

Formalising The Evidence

8/2/2019 360477_634055450599150000

52/60

While writing the case diaries the following must beincluded:

1. Letter to Home Secretary requesting permissionfor parallel monitoring

2. Permission of the Government

3. Letter to Service Provider requesting diversion

4. Names of police personnel entrusted the job ofhearing, recording and transcripting theconversations

5. Date and time of conversation

6. Transcript of conversation

7. Certificate of responsible official in charge of theprocess

8/2/2019 360477_634055450599150000

53/60

8/2/2019 360477_634055450599150000

54/60

Case Studies

8/2/2019 360477_634055450599150000

55/60

Pratek Deevan, a student of Class 11, studyingin Dehradun was kidnapped on 01November,2002 while traveling from Dehradunto Delhi by a Qualis.

Dead body of the driver laden with bullet injurieswas recovered from the highway next day.

For the first two weeks the kidnappers maderansom calls using different mobile numbers

from Ludhiyana, Amritsar, Delhi, Jodhpur,Baroda and Meerut. A ransom of Rs. 2.5 Crorewas demanded.

Prateek Deewan Kidnapping Case

8/2/2019 360477_634055450599150000

56/60

An email from rediffmail account was

received demanding ransom. ISP was requested to provide details of the IP

address of the originating email. Physicaladdress was located to be in Bombay.

A team was sent to Bombay. Kidnappers created a different email-id on

yahoo.com and instructed the family of thevictim to chat on yahoo!chat.

8/2/2019 360477_634055450599150000

57/60

8/2/2019 360477_634055450599150000

58/60

Electronic Surveillanceneeds to be

complemented appropriatelyby matching field work

and

physical surveillance

for

achieving the targetsphysically.

8/2/2019 360477_634055450599150000

59/60

QUESTIONS

8/2/2019 360477_634055450599150000

60/60