In the two-week period between October 13 and October 28, Indian domestic and international carriers received over 400 hoax threats through calls, emails, and social media, resulting in numerous flight cancellations, diversions, and delays. These disruptions led to significant financial losses for airlines during the peak travel season and caused major inconveniences for travelers.
Although these threats were false, the associated delays and disruptions incurred financial losses estimated at around INR 15 lakh per hour for airlines, amounting to crores of rupees. Hoax calls are not new; some individuals make these calls to delay flights if they’re running late, while others do it to create panic or, simply, for amusement. However, the recent scale of these incidents in India raises serious concerns, suggesting possible attempts by state actors or propagandists to destabilize India's economy and its booming aviation sector.
In today's digital age, threat actors are leveraging digital tools and obfuscation techniques to hide their identities, IP addresses, locations, and devices, making it increasingly difficult for law enforcement to trace them. These hoax communications primarily arrived via phone calls, emails, and social media, triggering the mandatory security protocols outlined in the International Civil Aviation Organization’s (ICAO) Aviation Security Guidelines. This, in turn, led to thorough security checks, flight diversions, and delays, all causing financial losses and passenger inconvenience.
This situation also brings forth the possibility of psychological warfare, aiming to influence public emotions, attitudes, and behavior to create fear or push a particular narrative.
To address the situation, the Indian government and law enforcement agencies have requested assistance from the U.S. government and Interpol in investigating the calls. The U.S. Federal Bureau of Investigation (FBI) is collaborating with Indian authorities to trace these calls and emails sent to airlines across India.
Tracing hoax calls and social media messages is challenging due to various technical, jurisdictional, and privacy issues. Let's examine some of these challenges.
Understanding the Role of VPNs and Advanced Anonymity Tools
Virtual Private Networks (VPNs) create a secure tunnel between a user’s device and the internet. VPNs are widely used to protect internet traffic and maintain online privacy. When a person connects to a secure VPN server, their internet traffic is encrypted between the device and that server, hiding its contents from third parties like hackers, government agencies, and even their internet service provider.
While consumers use VPNs to ensure online privacy, businesses rely on them to securely connect remote workers to the company network. With advanced encryption, high-quality VPNs prevent internet providers, mobile carriers, and anyone monitoring network traffic from seeing users’ activities. Additionally, by changing the user’s IP address, VPNs allow users to appear as if they are in another location, further complicating tracing efforts.
This ability to mask locations and IP addresses is one reason why scammers, miscreants, and even terrorists frequently use VPNs. During investigations, authorities encountered “VPN chaining,” also known as double or multi-hop VPNs, where a user connects through two or more VPNs. In these cases, traffic is encrypted multiple times, making it even more difficult to track.
Although VPNs are legal in India, government regulations mandate certain rules, including data and log retention for at least five years. This data includes IP addresses, names, email addresses, phone numbers, and physical addresses, even for inactive accounts. However, those intending to evade detection often use VPNs with advanced features like obfuscated servers, strict no-logs policies, kill switches, and leak protection.
Obfuscated servers disguise VPN traffic to make it appear like regular internet traffic, enabling users to connect to VPNs even in environments where VPNs are blocked. Perpetrators also use the Tor Browser to access the dark web, hiding their online activities and evading detection.
Technical Challenges in Identifying Threat Sources
Several other technical factors contribute to the difficulty in tracing these hoax calls, such as caller ID spoofing, encrypted Voice over IP (VoIP) calls, number masking, and various anonymity tools that conceal the caller’s identity. Law enforcement faces obstacles, including limited cooperation from telecom providers, inconsistent logging and record-keeping practices, and the inherent complexity of cross-border investigations. Additionally, there is a shortage of skilled investigators with access to advanced technical tools and resources needed to trace these threats.
Privacy laws also restrict access to caller information, and variations in laws across jurisdictions complicate obtaining warrants or subpoenas, adding to the challenges for law enforcement.
Potential Solutions Through Advanced Technology
Addressing hoax calls effectively requires investment in sophisticated tools and technologies, including AI-powered call analysis and tracking, voice stress analysis, pattern analysis on social media, open-source intelligence, and comprehensive threat assessment systems.
AI-powered chatbots could handle preliminary threat assessments and help with psychological profiling, allowing authorities to better understand the motivations and threat levels of hoax callers. Emerging technologies, like quantum computing and enhanced aviation cybersecurity frameworks, could further bolster security.
Conclusion
The challenges posed by hoax callers and malicious actors demand a proactive approach from investigation authorities. Investing in cutting-edge technology, building skilled and trained teams, establishing common laws, standardizing regulations, and fostering international cooperation are crucial steps in effectively addressing these threats and safeguarding public safety.
Author: Alok Gupta
Founder & CEO, Pyramid Cyber Security & Forensics