Tech Geeks May Have Sent Bomb Threats To Flights, IP Address Trail Hits Dead End
A group of tech experts is suspected of targeting Indian airlines with hoax bomb threats, according to the initial analysis conducted by central cyber agencies.
Who also said no activity has been detected from the IP addresses used to send the threats through social media handles and emails. The exit nodes of these addresses are VPNs. According to a senior government official, despite evidence that VPNs were used, very limited support has been received from intermediaries. The relevant companies have been asked to provide details to trace the actual IP addresses.
“While there are no activities on the IP addresses being tracked, initial analysis indicates that this has been carried out by a group of multiple tech experts who are knowledgeable about the processes of technical tracing and tracking of handles and email IDs,” the official.
Cyber agencies have identified the email IDs and handles. “The headers of the emails have been analysed to trace their source, while other details such as CC, BCC, and received lines are still being identified. The next step of tracing IP addresses from emails has already been initiated, but the last IP address in the chain is often the exit node of the VPN. Agencies are looking at the IP to determine its reputation and any associated activities,” a senior official involved in the analysis said.
The official also noted that emails played a crucial role as creating an account on X requires either a phone number or an email ID. “It is suspected that email IDs were created to open accounts on X, and those IDs were also generated through VPNs. We are trying to ascertain details, but intermediaries are not keen to share information. A meeting was held to warn them,” another senior official from the Ministry of Electronics and Information Technology told News18.
The Ministry of Electronics and Information Technology held a meeting in Delhi with officials from airlines and social media giants X and Meta regarding the hoaxes, which have delayed or canceled over 100 flights. The most affected flights are from Indigo and Akasa Air, followed by Vistara and Air India.
According to the initial investigation, the IP addresses were initially traced to European countries, but VPN chaining was suspected to have been used, making further tracing nearly impossible. Indian agencies are attempting to obtain details from VPN companies and their response is awaited.
“Previously, VPNs were used by miscreants to send threat emails and messages. When we traced the IP address, we found that it was in a European country. However, it is suspected that VPN chaining was used, indicating that the threat emails and messages were coordinated with technical experts or the sender was technically sound,” said an official associated with the digital investigation.