rishard.khan@guardian.co.tt
While the TTPS is investigating the bomb threat sent to several schools yesterday, cybersecurity experts believe finding the source of the email will be a challenge for them.
The email, which Guardian Media verified through the TTPS, was sent from an address with an uncommon domain. According to the domain’s website, only the user has access to their information.
“The information in our servers is not stored, sent or processed in an open form. We do not have access to the users’ passwords and encryption keys. All data is encrypted on the client’s device and then transferred to us. This means that neither we, nor any third party can decrypt the information we store and access the contents of letters or files without the user’s knowledge,” the email said.
Digital anthropologist at CybersafeTT Daren Dhoray, who is familiar with the site, said this will pose a challenge to local authorities. He said this was not an indictment on the ability of the TTPS but rather the complex nature of the domain used.
“If it was a regular email, you would have had greater chances of tracing it back. There are services such as (domain name called) which allow you to send, as it says, encrypted and anonymous type emails. It was built for that purpose so that it’s very difficult, I wouldn’t say impossible, but very difficult to actually...trace,” he said.
“You’d more than likely have to get in contact with the company itself and they will probably not work with protective services because they have built their systems to be able to send untraceable emails.”
Despite this, he said, the police may be able to, at the very least, pinpoint a geographic location where the threat originated.
Privacy Advisory Services Limited managing director Rishi Maharaj shared a similar sentiment. He does not believe anything is “untraceable” but investigators’ challenge will depend on the layers used by the sender to hide their tracks.
Commenting on the language used in the email, Dhoray said while all threats need to be taken seriously, the grammatical errors present could indicate the threat was translated from another language.
“It seems to be a translated email. The English is not straightforward. So, I hope that the authorities don’t just take it to be...a joke, or a reason for students to stay home from school,” he said.
Maharaj believes the language used was selected specifically to cause fear and panic. He said he would not doubt that whoever sent the email found a message online and tailored it for T&T.
“There are different forums that exist online where you can go and get these kinds of things and just take it down and simple, easy translation tools you can use like Google translate to...see what it means and see whether or not this fits your fancy and then you just send it out,” he said.