Tech Geeks May Have Sent Bomb Threats To Flights: IP Address Trail Hits Dead End
A group of tech experts is suspected of being behind a series of hoax bomb threats that targeted Indian airlines, leading to massive disruptions and flight cancellations. According to central cyber agencies investigating the threats, the messages were sent through social media platforms and emails, with the senders utilizing Virtual Private Networks (VPNs) to mask their identities. The investigation has hit a roadblock, as no activity has been detected from the tracked IP addresses, which are believed to be exit nodes of VPNs, making it difficult to trace the actual origins of the threats.
Hoax threats paralyze Indian airlines
The hoax bomb threats, which have affected over 100 flights, have created chaos for several Indian airlines, including IndiGo, Akasa Air, Vistara, and Air India. The threats caused delays and cancellations, severely impacting air travel in the country. A senior government official stated that the cyber agencies are currently analyzing email headers and social media handles associated with the threats. However, the use of VPNs has made tracking the perpetrators extremely challenging.
“While there are no activities on the IP addresses being tracked, initial analysis indicates that this has been carried out by a group of multiple tech experts who are knowledgeable about the processes of technical tracing and tracking of handles and email IDs,” a senior official revealed.
Tracing the threats: A complex task
Cybersecurity teams have already identified some of the email IDs and social media handles used to send the hoax threats. The headers of the emails have been analyzed, but the process of tracing the IP addresses has hit a dead end, as the last recorded IP in the chain often belongs to a VPN exit node. This makes it difficult for authorities to pinpoint the actual location or identity of the sender.
“We are looking at the reputation of the identified IPs and whether any suspicious activities have been associated with them,” said an official involved in the analysis. The challenge, however, remains the lack of cooperation from intermediaries, such as VPN service providers, who have so far provided limited support to law enforcement agencies.
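The header analysis and IP reputation check described above can be sketched as follows. This is an added example, not code from the agencies or the original report: it walks the Received chain oldest-first, skips non-routable addresses, and tests the earliest routable IP against a reputation list. The sample message, the VPN_EXIT_RANGES feed and all hostnames are constructed; the lowest Received lines are written by upstream relays and can be forged, so the result is a lead, not proof.

```python
import email
import ipaddress
import re

# Constructed sample message; public addresses are RFC 5737 documentation ranges.
RAW = """\
Received: from out.mailhost.example (out.mailhost.example [198.51.100.77])
\tby mx.airline.example with ESMTPS; Tue, 15 Oct 2024 10:02:05 +0530
Received: from [10.8.0.2] (unknown [203.0.113.45])
\tby out.mailhost.example with ESMTPSA; Tue, 15 Oct 2024 10:02:03 +0530
From: sender@mailhost.example
Subject: constructed sample

body
"""

# Hypothetical reputation feed of VPN exit ranges (constructed for this example).
VPN_EXIT_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
# Non-routable ranges that say nothing about where the sender is.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hop_chain(raw):
    """Bracketed IPs per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        ips = []
        for text in IP_RE.findall(hdr):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # malformed octets, e.g. a forged "999.1.1.1"
        hops.append(ips)
    return hops

def trace_origin(raw, vpn_ranges=VPN_EXIT_RANGES):
    """Return (earliest routable IP, is_known_vpn_exit), or (None, False)."""
    for ips in hop_chain(raw):
        for ip in ips:
            if any(ip in net for net in INTERNAL):
                continue
            return str(ip), any(ip in net for net in vpn_ranges)
    return None, False

if __name__ == "__main__":
    print(trace_origin(RAW))
```

When the second value is True, the trail ends at the VPN provider, and only that provider's own connection records can link the exit address to a subscriber.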
VPN chaining and email IDs
One of the main challenges faced by the investigators is the use of “VPN chaining,” a technique where multiple VPNs are used in sequence, making it nearly impossible to trace the original IP address. This technique is suspected to have been employed in this case, further complicating the tracking process.
The cyber agencies suspect that the email IDs used to send the bomb threats were created specifically for the purpose of generating fake accounts on social media platforms like X (formerly Twitter). These email IDs are believed to have been created through VPNs as well, adding another layer of anonymity.
A senior official from the Ministry of Electronics and Information Technology (MeitY) highlighted the difficulties in obtaining information from intermediaries like social media platforms and email service providers. “Intermediaries are not keen to share information, which is making the investigation harder. We held a meeting to warn them about the seriousness of the situation,” the official said.
Government push for cooperation
In light of the ongoing investigation, the Ministry of Electronics and Information Technology convened a high-level meeting in Delhi with representatives from the affected airlines, as well as social media giants X and Meta. The purpose of the meeting was to address the lack of cooperation from these platforms and to press them to share more information about the hoax threats.
The initial investigation revealed that the IP addresses linked to the threats were traced to European countries, but it is suspected that VPN chaining was used, making it difficult to determine the true location of the senders. Indian cyber agencies are now seeking more detailed information from VPN companies, but their response is still awaited.
A familiar tactic
This is not the first time VPNs have been used to send threat emails. In similar cases in the past, miscreants used VPNs to disguise their locations, leading investigators to trace IP addresses to foreign countries, only to discover that VPNs were masking the actual source. “It appears that this time as well, the threats were coordinated with the help of tech-savvy individuals or groups,” an official close to the digital investigation explained.
Despite the challenges, the cyber agencies are determined to continue their investigation. The ongoing use of VPNs for illegal activities such as bomb threats has once again sparked a debate over the need for stricter regulations and cooperation from intermediaries, particularly VPN service providers.
For now, however, the investigation remains at a standstill, with no clear leads as authorities work to unravel the sophisticated methods employed by the perpetrators. The safety of airline passengers hangs in the balance as cyber agencies continue their efforts to track down those responsible for the bomb hoaxes.