Slashdot Mirror
Nasty Bad Men Are Using Encryption
ruebarb writes: "It appears that Osama Bin Laden and the majority of the Slashdot community have something in common - they love that free encryption! Bin Laden has been using chat rooms, bulletin boards, email, and (presumably) PGP to plan his terrorist activities. The article is available at cnn.com -- Expect the usual political outcry and demands for restriction of encryption technology to follow shortly hereafter"
And an unnamed correspondent writes: "USA Today has this report about how terrorists are using encryption to distribute secret mayhem instructions via the internet. Gee, you think?
What do you think -- is this part of a PR campaign to show John Q. Public how dangerous encryption is in any hands other than gov?" In related news, several of the major news networks are reporting that innocent-looking newspapers and circulars have been employed to form the ransom notes used by notorious kidnappers; calls to ban newspapers on that ground may face some opposition from extremists, but will no doubt soon reach the legislature.
It's the Red Scare all over again.
I mean, come ON. These people are going to use cyphers or one-time pads if they can't get their hands on modern crypto. They'll assign meanings to quotes from the Koran, and print those. And heck, they don't need to use pr0n sites and sports chat... What's wrong with email, AIM, and IRC?
If the entire NSA and Pentagon can't outsmart a bunch of religious zealots with automatic weapons and explosives, crypto or no crypto, then we're all in trouble.
This story is a shamefully obvious attempt to manipulate the public into accepting continued restrictions on their use of strong crypto. It's clearly intended to support someone's agenda... whose? The USA Today's or someone else's?
I can see the fnords!
I would have thought that the obscurity provided by the massive amounts of information passing over the net would have been enough to communicate anything of necessity. And besides, if they can communicate in a different language (ie. one they made up), without a primer there's no way to tell what they're talking about anyway.
"Less well-financed criminal operations" == "a crook who can't afford a used 386 system with a 9600-baud modem"
I think /. folks shouldn't just have a knee-jerk reaction but should try to think of reasonable government encryption regulation.
Reasonable regulation means curtailing, not expanding, the powers of government agencies which establish a clear track record of abuse.
/.
/. If the government wants us to respect the law, it should set a better example.
It's 10 PM. Do you know if you're un-American?
From www.idefense.com:
We know this because we've already done stuff like this to our adversaries.
Or perhaps you didn't know about the Postscript hack we snuck into Iraqi HP Laserjets as part of the Gulf War.
Or perhaps you didn't know about the backdoors in Lotus Bloats that we used to steal European industrial secrets.
Or about the stuff about the French government's stated policy of using industrial espionage in the late 1980s, to which our Bloats backdoor was probably a response.
Make no mistake, these guys do have a vested interest, but they're emphatically not fruitcakes. They know whereof they speak. This particular threat is very real.
Before you moderate that as "Troll" - ask yourself what's the difference between:
- idefense.com saying to its audience "You know you've
embedded backdoors in stuff you sold to adversaries, now
they can do it to you?"
- Rabid
/.ers saying "Open source is more secure than
closed-source because it's harder to hide the backdoors".
Hint: None at all.It's the same risk, just viewed from a different perspective by a different audience with a different set of shared experiences and concerns.
(fsckin' Slashdot's on the fritz again, apologies for any multiple posts.)
Check out these fruitcakes they're quoting:
"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," Ben Venzke of the cyberintelligence company iDEFENSE told the paper. "
ok, head on over to www.idefense.com, browse a bit, find some speeches, dig out the tasty quotes:
"We already know that some 30 countries are working on offensive information warfare programs and the principal target for each is the United States. We know, too, that if a US business buys hardware or software from such countries as Russia, China and France, there is a very good chance that they will be infected by bugs or various kinds. We also know that every day hundreds of American companies are attacked through cyberspace and that billions of dollars are lost through theft and blackmail.
"
"
For example, no American intelligence agency effectively mines open source data and shares it across federal agencies and with the private sector. Yet open source data could be a huge national asset. Real reform might mean the creation of a Central Analytical Agency that could collate and analyze all open source data and distribute it via the web to its customer base in the private and public sectors. Only secret intelligence would be the responsibility of the existing intelligence community. Not only would this create a significant and profitable national asset, but it would eliminate wasteful duplication in the intelligence community."
Read the whole thing, it's beautiful.
They even get to speak before congress now and then.
Good thing they don't have a vested interest in the whole thing.
At least they got hacktivist right.
--
What happens when you outlaw guns
What we're really talking about here is a balance between our personal privacy and the public safety - we should be be carefull not to race off and give away our privacy when in practice all it will mean is that the black hats will use different technology - if that happens we've all lost and the feds have gained nothing ...
I heard this story on NPR yesterday, and could think only one thing ...: Anytime a government agency is using propaganda to loby for a restriction of your rights -- something is seriously wrong.
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
I knew a fellow who was convicted for computer trespass on the evidence he had PGP'd on his drive. It did take them two years to crack it, but that wasn't very consoling to him in jail.
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
You mean fringe members like Yahoo, Amazon, most anyone else doing e-commerce on the web, and major financial institutions?
gorvernment used the news media like a precision weapon in control what was known, by whom and when
Its no secret to anyone who wasnt weened on American media that this is true - the 18:00 news programs are the worst offenders. Why arent *AMERICANS* capable of seeing this? When I mention it to an American they think Im nucking futz.
It couldnt be more obvious... its a goddamn circus.
The fact that the legislation will be totally pointless and do nothing to actually hinder the problem as stated from flourishing will not (indeed it never has before) prevent the US government from passing laws to protect the sheep^H^H^H^H^Hcitizens from purportedly dangerous elements.
Laws against drugs, alcohol, child pornography, murder, and a host of other perceived ills have had no visible effect on the rate of the occurrence of these crimes, nor is the public predictably safer from the incidence of these acts as a result of the legislation. The best the government can do is provide sanctions for those found guilty of committing said crimes within US jurisdiction and mete out punishment.
Sometimes well-intentioned laws are used a basis for creating special classes of criminals who, once suspected of the crimes, are conveniently divorced from their normal rights as citizens (witness the drug war and the FBI/McNaughton-style sting mania).
The end result of legislation like this is to feed the general trend of Americans to be cowardly and fearful, who feel it is better to let governments and corporations make up their minds for them (because after all, if we can ban the export of munitions-grade encryption, we must have produced it, right? so we're number one! yeah!), and in this case, will make sure that no citizens, for better or worse, will be keeping any secrets which would undermine that authority and control.
I do not have a signature
It's a program that will CORRUPT ANY FILE!! Whoa, that's phat with a capital PH!!!
Untitled.gif illegal softwarez!!!!!
Available for intel windows and alpha linux.
This software does not require the installation of photoshop 6.5. Consider yourself invaded by foreigners!!!!
"Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag
Don't be fooled by the religious rhetoric - it's bad enough that thousands of weak-minded teenagers (who happen to be Muslims) in the middle east are. Political Islam has nothing to do with religion. The Quran is an expedient tool used to manipulate people into following cynical leaders. In the US they would use the Bible.
A tricky thing with religion is that its reliance on the unseeable and unprovable makes it and its followers fairly ripe for manipulation. Once someone has demonstrated that they're willing to believe something just because a book says they should, any wanna-be despots have a ready-made self-selected audience to focus on.
Even then, the majority of people are sensible enough to recognize bargain-bin demagogery as just that, and steer well clear.
Just as most professed Christians are nice people you'd be happy to have as next-door neighbors, most Muslims are ordinary folks who want nothing more than to get through the day, have a good job, feed their family, and have an excuse to smile from time to time.
Anyway, the point is that anyone who manipulates a religion as a tool for motivating others to commit acts that stand against that religion's doctrines (as terrorism does against Islam), has already shown where they stand, and there's no particular reason to believe they're not watching the Playboy channel with a cold 40-ouncer sitting atop their copy of the Quran right this very moment.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
This is typical over-reaction by the media. Don't you love how every few weeks they get some new 'Techno-demon' that they need to exorcise? Of course they get a quote from some know nothing politico who wants a sound bite. If they took the time to understand encryption (or any other technology), there would be a lot less static on the airwaves... I weep for the state of modern journalism. Rant complete. IT
As has been said many times before, always remind your semi-digital, but public-spirited friends concerned with encrypting terrorists that Criminals of any kind use the same bathrooms and the ALL of rest of the infrastructure (Roads&Phones&Water&Electric&Mail etc.) that we we do, but no one suggests shutting those things down or severely impairing their usefulness because bad people use ordinary things for bad reasons. Helping create a fascist and paranoid state in response to terrorism polarizes the population -which is as important a goal for terrorists as terror is.
Besides, restrictions on encryption technology can't stuff this cat back into the bag; the software is out there, and that's that.
Intelligence and police agencies have been using other techniques to get around the use of encryption since the late '80s, from keystroke logging hardware slipped into a suspect's keyboard (what was that about a passphrase?) to the simple and ancient techniques of Van Eyck/TEMPEST monitoring (nabbing the cleartext from the RF emissions of the CPU or display).
Informed sources tell me the NSA has been breaking PGP for years, but they'll generally only bother in cases where side-channel attacks are unfeasible, due to the required resources in time and labor.
Someone's pushing an agenda with this article, but I rather suspect it's Gannett (owners of USAToday) and CNN.com, who's essentially paraphrasing the USAToday article. Sadly for us /. paranoiacs, it's probably no agenda more sinister than "attract readers with inflammatory stories", just like many other sites we know and love. :)
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Is there any strong evidence that Bin Laden really exists, and is really the mastermind of a global anti-American plot? Sometimes I get the feeling that he is just the generic evil guy that the US drags out whenever it needs to push some agenda.
USA Today article is so filled with garbage and gaps, so clearly following an (no-very-well) hidden agenda that I don't even have the energy to debunk it all. So, just a few commented hightlights:
a) "Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag.
b) "Uncrackable encryption is allowing terrorists ? Hamas, Hezbollah, al-Qaida and others ? to communicate about their criminal intentions without fear of outside intrusion," FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities." Please notice the "last March" expression. This panel was reported and fully discussed (See the news here. I believe it was even discussed in Slashdot, but I couldn't find the article)
c)"encryption has become the everyday tool of Muslim extremists in Afghanistan, Albania, Britain, Kashmir, Kosovo, the Philippines, Syria, the USA, the West Bank and Gaza and Yemen, U.S. officials say." I guess they also have radios, all forms of guns, phones, cameras. They also use cars, trains, buses. Let us ban all of those.
d)"All the Islamists and terrorist groups are now using the Internet to spread their messages," says Reuven Paz, academic director of the Institute for Counter-Terrorism, an independent Israeli think tank." This has absolutely nothing to do with encryption. Notice the equality achieved in the sentence between Islamist and terrorist. Rephrase to "All Southern Baptists and racists groups are now using the Internet". Think about it.
e)"They're hidden using free encryption Internet programs set up by privacy advocacy groups. The programs scramble the messages or pictures into existing images. The images can only be unlocked using a "private key," or code, selected by the recipient, experts add. Otherwise, they're impossible to see or read." We should throw all these "privacy advocacy groups" in jail and lose the key, shouldn't we?
f)"It's no wonder the FBI wants all encryption programs to file what amounts to a "master key" with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security. But civil liberties groups, which offer encryption programs on the Web to further privacy, have vowed to fight it." Of course, as we already know that all the enemies of the United States are a bunch dumb arabs, they obviously cannot develop their own software. So they will be forced use US-made software that automatically deposits their private keys with the FBI.
g)"Who ever thought that sending encrypted streams of data across the Internet could produce a map on the other end saying 'this is where your target is' or 'here's how to kill them'?" says Paul Beaver, spokesman for Jane's Defense Weekly in London, which reports on defense and cyberterrorism issues. "And who ever thought it could be done with near perfect security? The Internet has proven to be a boon for terrorists." Who ever thought a spokesman for a defense and cyberterrorism publication could be so dumb? To discover how does Mr. Beaver manages to keep his job, that would amaze me.
The discussion about the racist bias of the article is left as an exercise to the reader.
MSK
And THAT, my friends is precisely why the Americans leave us Canadians alone. (-:
Currently, I tend to feel SAFER buying stuff online from trusted merchants with my credit card than giving it to someone who works in a store. Most online merchants destroy your credit card number after it's no longer needed, and keep only minimal records of it (4 first or last numbers). Compared to bricks-and-mortar shopping, where the store makes one or two copies for itself and one copy for you to lose, with 'customers' behind you that can look over your shoulder because of poor handling of the card, it makes me feel nervous. However, if you take away encryption from the equation, all bets are off, since a packet may travel through dozens of systems and routers before being recieved by the vendor you're trying to buy from.
How much freedom are you willing to sacrifice in order to gain safety? To me, the benefits that society gains from encryption far outweigh the evils that can be done with it. Besides the fact that if they're already criminals, do you think they'll have any qualms about using 'illegal' encryption products? You'll only stop stupid ones, and they're rarely the ones that do the most damage. I'm glad to be living in Canada on this point -- there's never been any plans to stop private citizens from using or exporting encryption, with the exception of those products imported from the United States that employed 'high-grade' encryption that was banned from export from the United States. Why do you suppose the OpenBSD project, which uses encryption where ever possible, is based in Canada? ;-)
I used up all my sick days, so I'm calling in dead.
It's obvious, then, that if the government has a tight enough rein on the terrorists they're pointing out who use encryption, then obviously the government is good enough at tracking terrorists without being able to track their keys, and they simply don't need to worry about it!
Of course, the reality is that this is prime material for legislatures to begin convincing the less tech-savvy "common man" that they desperately need legislation in place to form a Key Escrow so that anyone's keys can be cracked by the government if they so desire.
Criminals, of course, simply won't obey the law. Duh.
Only outlaws will use encryption. I know it's an old saw, but how exactly is banning encryption supposed to stop terrorists from using it? The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own. Not to mention that software can legally be written in countries other than the US, so unilateral action won't do any good anway. The genie is out of the bottle, and it can't be put back in.
There's no point in questioning authority if you aren't going to listen to the answers.
In a related story, cnn.com is also reporting that Osama Bin Laden and other terrorists are using this new technology called 'chemistry' to carry out their work.
'Chemistry' could be a new, important tool in the terrorists quest to stay one step ahead of authorities and commit mass-murder. The senate will soon debate a bill which bans the use or export of this 'chemistry' and proposes stiff new regulations.
Liberty.
Firstly, we need to to step up manned operations abroad, especially in known trouble spots. We'll need to recruit more people to do this, which means increasing budgets.
This might not work. How do you infiltrate a terrorist organization made up of people who are relatives? How do you infiltrate a terrorist organization in a country where most of the residents are at least somewhat sympathetic to the groups goals? Bear in mind that HUMINT has a pretty shitty track record. Investing in HUMINT is like investing in a dotcom - you may be wasting your money or you might get a huge payoff. Getting Congress to approve large cash payouts to shifty characters could be awfully difficult, especially in light of the Iran-Contra debacle not too long ago.
And in the event that all of this fails, we're going to need the much-maligned national missile defence folks. When you don't know in advance what's coming, you have to be able to protect yourselves! It's no different from soldiers wearing a bulletproof jacket, and in these times when nuclear proliferation is a fact of life, America needs that jacket.
Ouch! Head hurts! NMD = very stupid.
Why would anyone launch a missile at the US when much better delivery systems are available? The World Trade Center bombing, the Oklahoma federal building bombing, and so forth all involved very sophisticated car bombs. The USS Cole was hit by another boat, not a missile. There is no reason why any terrorist would use a missile as a delivery system - they're expensive, and it appears sneaking up on your target works just fine.
Some may say, well, just because a missile defense would not protect us against some attacks isn't a reason to build it. Implicit within this claim is a couple things:
1) Terrorists are fairly smart, they can build high-yield conventional weapons and possibly NBCs.
2) Terrorists are extremely stupid, if we build a missile defense system they will abadon in rental trucks and boats as delivery systems and switch to ballistic missiles.
Pick one or the other folks, it can't be both.
What would happen if the NSA and the CIA and the FBI and all the Military intelligence communities get public key escrow and the right to snoop thru our email and web pages?
Answer - it would not affect them at all. The bad guys already have PGP and they can't crack it. The bad guys already have image encryption and they can't crack it.
All this will let them do is run roughshod over the constitution and pry even more into our private lives.
And, remember, Bush Sr. was Director of the CIA - don't for a second think that this is not a pretext to take even more of our civil liberties away.
--- Will in Seattle - What are you doing to fight the War?
Curses! Foiled again!
omega_rob
I think that this incident is precisely a government campaign to build public support for encryption regualtion. My grad instructor worked for the 'intelligence community' during the Gulf War; he implied without saying directly that the gorvernment used the news media like a precision weapon in control what was known, by whom and when. So much disinformation went through CNN, with their blessing, that it is amazing we know any 'facts' at all. Who knows, maybe Bin laden is on the government payroll...
There is no guarantee that the content has been read or understood.
Now, how are the mainstream to be convinced that using encryption is a good thing? This is what we all want to do, correct? Well, we won't manage it by trying to do so ourselves - being lectured at by the freaks will only make the public resist even more. I suggest that we embrace the criminals for this campaign. The fact that Bin Laden and criminals like the mafia use encryption make it into a sexy field again, like it was in the 1920's through 40's, say. If we wish to impress Joe Public, it is imperative that we use the tools of advertising, which uses sexy images and subliminal suggestions, and not reason, which bores the common man and causes him to switch off.
Much like antidrugs campaigns by the government can increase their appeal and use in many quarters, I suspect that any government campaign to convince people that encryption is evil because it is used by terrorists criminals will surely backfire, and increase the sexiness of the field and general usage statistics for encryption.
This is what encryption has needed to enter the mainstream.
They fuck you up, your mum and dad.
--Anticipation of a New Lover's Arrival, The
Late at night, Muslim terrorist headquarters...
General walks into a room unannounced.
General: Samir, what are you doing?!?
Samir (surprised, suddenly turning his attention from the computer): General!!! I-I-I didn't know you were here at this hour, sir!!!!
General: Samir, were you using Allah's network connection to visit porn sites?
Samir: No, General! Of course not! I was just -- I was just, eh, using the porn site's bulletin board to send terrorist messages, sir! (types in something random)
General: But I can't read any of it!
Samir: Of course not, General! You see, sir, they're encrypted! Yes, that's right, they're encrypted!
General: Very well, I'll let it pass this time.
Samir turns off the computer and the lights. Exeunt.
General: By the way, Samir...
Samir: Yes, sir?
General: I think "CIABoy935466" likes you.
To the editors: your English is as bad as your Perl. Please go back to grade school.
http://www.attrition.org/~wrlwnd/crypto/steanograp hy/jpeg-steg/
Maybe you could use this to tunnel IP over USENET porn?
I think it's important to put Bin-Laden's quote in context:
----> The US conducts Operation Desert Storm. The US media reports it is an enormous success -- highlighting the role of Patriot missles and other high-tech systems -- when in fact, MIT researchers later show that none of the Patriots hit their intended targets, cruise missle performance was dismal (30% ish), etc.
----> In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia. Boy, we don't hear much about US military effectiveness in the media.
----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.
As an advocate of a truly strong military -- as opposed to a bloated, bureaucratic, budget-and-career-path grabbing mess -- I think we ought to be listening pretty strongly when Bin-Laden says America is run by "devils."
Why? Because what Bin-Laden is saying is that America is much weaker than is says it is. That it is run by a bunch of cowards who lie about just about everything -- including our military capacity. And that sort of lying has everything to do with the current case.
Instead of going out there and building a strong, honorable military that can defend Americans along with the ideal of freedom, the FBI and etc. are going out there and building a totalitarian state that prevents the flow of information and the development of ideas. It's saying that people can't have encryption, because we're too cowardly and lazy to defend against it, and playing to the weakness and fear of the public. This is the essence of unfreedom. This is what destroys republics.
It is also the direct opposite of the democratic ideal which protects our society. The idea of freedom of information is that we become strongest when ideas can flow without government restriction -- that we solve problems, build economies, develop new technologies, and learn to protect ourselves better in a free society. And it is for this reason that totalitarian societies are doomed to freedom.
Is Mr. Bin-Laden using encryption? Is he building a military force to fight the U.S. government? Is he hurting the U.S.? If so, then I say, as an American, thank you Mr. Bin-Laden. Thank you for pointing out how weak we have become, under the direction of Mr. Freeh, and Messrs. Bush, and Mr. Clinton. Thank you for showing us that our society is so weak, and so unfree, that it cannot defend itself from you. Thank you for pointing out the devils among us, and how unfree they have made us, and that they are liars.
And that the lie is, that it is good to restrict technology, restrict information, restrict DeCSS, restrict encryption. That it is good to not let Americans see when their planes are shot down, or when their soldier die because they are unprepared for real war, because it "maintains morale" and public support for the military. The lie is, that restrictions and lying and totalitarianism makes us stronger, when it weakens us, weakens our military, and weakens our democracy. The lie is, that this benefits anyone, other than the bastards telling the lie. And by that, I mean Louis Freeh, among others, in this case.
All I have left to say, is that it is time to get the bastards out of office.
When the Marines landed in the last days of 1992, bin Laden sent in his own soldiers, armed with AK-47's and rocket launchers. Soon, using the techniques they had perfected against the Russians, they were shooting down American helicopters. The gruesome pictures of the body of a young army ranger being dragged naked through the streets by cheering crowds flashed around the world. The yearlong American rescue mission for starving Somalians went from humanitarian effort to quagmire in just three weeks. Another superpower humiliated. Another bin Laden victory.
"After leaving Afghanistan, the Muslim fighters headed for Somalia and prepared for a long battle, thinking that the Americans were like the Russians," bin Laden said. "The youth were surprised at the low morale of the American soldiers and realized more than before that the American soldier was a paper tiger and after a few blows ran in defeat. And America forgot all the hoopla and media propaganda ... about being the world leader and the leader of
the New World Order, and after a few blows they forgot about this title and
left, dragging their corpses and their shameful defeat."
Oh yeah me and Osama go way back to the old school days of ef-net.. check out this old log i found:
:DDDD:D:D:D:D:D hey man! whats happening?
;)~~~
*** Osama888 has joined #metallica
<Osama888> wasssuuuuuupppppp >:D
*** UN sets mode: +o Osama888
<brakzilla>
<Osama888> man I was out shopping for nitrogen rich fertilizer at this damn store in al Kabarfi and this zit faced punk at the store was all up in my face
<brakzilla> hehehehe lol!!
<Osama888> hehe then I told the guy, "do you know who I am??" and he was like D:
<brakzilla> werd!
<Osama888> yea w3rd.. brb pizza
don't sweat the petty things and don't pet the sweaty things
It's supposed to be completely automatic, but actually you have to press this button.