Monday, May 4, 2015

Email DOX TRAI & NETNEUTRALITY

Few days ago I and @bruno had a argument on TRAI making public the Email ID s and contents of 1 million Plus Indian citizens .Here are few thoughts of mine .

TL;DR : change your mail password first if you have sent mail to TRAI

What is Net neutrality ?

 The Telco s and ISP s want to charge us based on sevices or OTT services eg:facebook ,whatsapp,youtube,vine etc will be charged separately or the companies which pay tot he ISP s will get their services free to customer their rival applications will be ignored

What is in it for us ?
  Though it looks attractive We will pay more to use our favorite /necessary apps ,we will lose the choice to use ,Monopoly of few big companies and last but not least we will lose privacy (we will see in detail).

Why the Telco s doing this ?
   The analog is going out and digital is going more digital THE INTERNET is gaining more mileage and Traditional voice is phasing out so the telecoms are losing the grip and companies like Facebook ,google and the likes are taking over the VOICE via Internet so its the classical territory fight .

What is TRAI s Role in it ?
    Telecom Regulatory authority of India  is the single decisive authority for all voice and data related policies in INDIA and TRAI has to Decide on the OTT plans proposed by ISP s read Airtel,Reliance etc

What had TRAI did to generate outrage among netizens ?
    TRAI has given an option to get public opinion before April 24 2015 and many campaigns were run in support of netneutrality and over 1 million plus mails have been sent to TRAI in support of netneutrality and in April 28 TRAI has relaesed all the mails with content and mail ID in clear text .Yes clear text !!!
    According to Bruno this was done for transparency or Read as fearing RTI ,TRAI has doxed millions of his countries citizens anticipating fear ? someone might ask these details through RTI    
though as per my opinion they can scrub sensitive data citing personal details but Bruno differs and cites a reference which says incoming calls to a Government office is official and can be released to public ,though how an Email ID and phone number is equal is highly debatable


What is the Impact of TRAI releasing the Mail ID s ?
   EMail ID is not just used to send and recieve mails but almost everything under the sun has become dependent on mails and mail ID s are as sensitive as your ATM pin .here are few example mail ID is used for Play store /itunes login,E-commerce sites,Business/work,Cloud application logins,banking notifications and so on

Whats the deal ?

     In the parallel world called Darknet ,there are people who go by the name Black hats hacker collect email address and sell it for money .

Why do people bother about paying money to just email IDs ?
    Well there are lot of people whose profession we are not aware of identity theft is a major market now also Cyber espionage Thanks to Edward Snowden  .In good old days people used to spy on others by bribing or seducing which is called HUMINT now it is difficult also not needed as entire details of an individual can be pulled from Internet and social media .

What are the potential things that can be done using mail ID ?
Government:  Our government runs a CMS  which snoops on every internet packet ,If im vocal on any issues against any policies of government i will be marked snooped to get details for character assasination and arrested or assasinated example mahrashtra arrests for a FB post and like ,Few Activists whose sex life shenanigans outed to mute their public voice .Thanks to wikileaks and Jeremy hammond we now know that Mega banks Like BoFA and others spied on OWS .

Corporates : Every company now snoops on its employees and its rivals employees to get confidential data ,Example -Reliance getting the budget data from ministers office before it went to parliment and Stratfor spied on activists in Bhopal.corporate companies hire private intelligence companies like Stratfor ,Palantir etc


Black hats: They use it for stealing credit card data,social engineering,hack social media account identity,spearfish,spam ,harvest the IP address to insert a malware and use it for DDOS and C&C purposes

Foreign governments :
    Thanks to Chelsea manning ,wikileaks and Edward snowden we now know Government kills people based on Metadata ex CIA chief micheal hayden said that  and our email ID is the gateway to get the metadata .

Agencies like NSA ,GCHQ etc will look out for potential targets in other countries they will hack into random mail servers and harvest the mail ID s and social engineer it to figure out the owners of mail IDs .For example right now they got my mail id from TRAI and that is my primary mail ID it is associated with my Social media accounts ,mobile devices ,banking accounts ,work related applications so they social engineer me by sending a friend request to me in facebook ,connection in linkedin,chat request in yahoo and based on my activity send a mail to me with a spearfish link and will try hard to get into my system to get my work related data ,If im a third party contractor to any government organisations they will try to get into the organisation with my credentials .That is called cyber espionage

Government agencies like NSA ,GCHQ ,isreal intelligence,china cyber military etc are few of them who have dedicated programs  for this .

These are the things we now know what can be done with Email id thanks to anonymous,LULZSEC ,jeremy hammond,Edward snowden,wikileaks ,chelsea manning,Glenngreenwald and aaron swartz .

References :
citizen four -a documentary by laura poitras
No place to hide -glenn greenwald
Wikileaks.com