Slashdot Mirror
Mafia Boss Using Crook Crypto Captured
boggis writes "Discovery is running a story on Bernardo Provenzano, the recently arrested 'boss of bosses' of the Sicilian Mafia. He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher, which was easily cracked by the police and resulted in further arrests of collaborators. Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."
Even worse, people decode random-substitution ciphers in newspapers daily, for fun. A rotating cipher is even easier to break since the letters remain sequential. I guess we could give the guy a break though, since, according to the article, he only has about a 3rd-grade education.
... but it still took the police almost 50 years to catch him
so he must've been doing something right. I imagine the ceaser
code was simply to prevent other knuckle dragging criminals from
understanding the message, not a load of top crypto crackers
at police HQ.
Certainly not, but I would think that those whose livelihoods and lives depended upon secrecy would be a little more careful with information. Okay, so according to TFA, the guy dropped out of school when he was 8. Maybe he wasn't the sharpest knife in the silverware cabinet - hell, maybe he was a spoon - but he seemed to have some leadership talent. You don't become a "boss of bosses" otherwise. Part of leadership is making sure if you don't know yourself how something important works, you have somebody you trust who does know it. Surely somebody in the organization knew that such a simple code wouldn't hold up...
This was probably only meant to thwart the efforts of the guy carrying the pieces of paper for him; who may have been picked for his lack of literacy anyway (as some natl lab workers were in the past, with simiar security logic behind it).
Sadly, over half the time I see PHP programmers commit just as bad a mistake when they hard-code databasee passwords in plain text in their PHP. Like Provenzano they assume noone will grab the information with the password; but like him that doesn't really help the case.
A good leader would delegate tasks like communication security to someone who could do that well. However, I get the feeling that someone who dropped out of school at 8 and became a mob boss may not have been keeping up to date on the latest management training strategies. =)
Odds are if you were holding one of the Godfather's messages long enough to decipher it, that means you had to get it from someone in the mafia. They took these from him, which is one thing. Of course you can do that if you're the police/fbi/etc. and you've captured the boss. If you're just some shmoe, you can break the code all you want, the boss is still coming after you.
stuff |
There's all sorts of ciphers that could be used. Unfortunately, usually the weak points are not the system but the people. In this case the cipher was easy to crack. But you could have an almost unbeatable system like a one-time pad like the Soviets used during the Cold War. However, low level lackeys re-used the pads, allowing the US to break some of their messages. During WWII, German coders did things like not changing the daily cipher key or sending the same message at the same time every day but using a different cipher.
Well, there's spam egg sausage and spam, that's not got much spam in it.
it only worked until the guy was 73 years old.
I have a feeling that this has more to do with careful control of the information pipelines, large payoffs to corrupted officials, lots of money poured into lawyers, and the ability to disappear when things get hot. The purpose of using a cipher is to create a last line of defense in the case that your information pipeline is compromised.
Given that murder has no statute of limitations, he would have been equally stupid to use a more secure cryto but with unsecured channels. Even if it took the police 10 years to decrypt his message, they could still drag him into court and nail him.
Heavier crypto would have even more problems. Not only would computers be required, but the constant use of such a crypto would ensure that at least some of the keys would eventually be captured by the police. This is almost as bad as using a codebook, something I'm sure this mob-boss was looking to avoid.
His best bet would have been a combination of physical security, with crypto dependent on how sensitive the message was. Sensitivity could easily have been determined by the legal penalty. For example, burning down someone's shop would have been low enough to use a hand cipher. Committing murder, OTOH, would have been sensitive enough to require the use of military grade encryption.
Javascript + Nintendo DSi = DSiCade
Fear may also be the reason no one told him that this wasn't a good way to send messages.
Aparantly people believe brain surgeons must be very smart, considering the delicate nature of the organ they concentrate on.
This is undoubtably the case for many in the profession, especially considering the hurdles necessary to get there, but if I were to go under the knife, I'd prefer someone with rediculously fine motor control and the experience of thousands of hours of drills.
The actual act--open head, cut something out--while certainly complicated, hopefully shouldn't require much thought..unless something goes horribly wrong.
Can you be Even More Awesome?!
The cypher may have been good enough for some purposes - e.g. the couriers may not have been able to understand them, and thus been unable to carelessly talk about them. It's not likely that all of them were terribly smart. Also, even delaying decoding for a little while already has a positive effect for someone who is on the run.
The system appears to have worked well enough for 40 years. In fact the police state that it's exactly this low-tech approach which enabled him to escape for so long. I do hope the flaws in his system will keep him locked up for the rest of his live.
So there you have it, security through obscurity does not work.
So, my private key is not good anymore?
He is just like any other technical layman. He had a false sense of security by using some form of security.
I dont know how many managers, executives, or non IT type people I have talked to that think once the firewall is in place we never have to think about it again. Or now that we have an antivirus we can go and do whatever we want and not worry about downloads and such again.
Then they turn the deaf ear until... unfortunately for this guy its going to cost him more than just a few dollars and some downtime.
Given that he steered the mafia for 50 years, evading the police and keeping control over the organisation at the same time, furthermore without usage of any modern technology including cryptography... Well, I would call him a good leader. Probably way better than your typical manager with a bucket load of certificates.
Always put off dealing with time-wasting morons. If you would like to know how... I'll get back to you
Trivial to break. Wrapping the cloth around a pole is just an easier way of looking at every x letters. It'd take about 2 minutes to brute force the value for x manually, a program with a dictionary could do it in milliseconds.
Username taken, please choose another one.
Agreed, but the problem still remains the same, as long as you let anyone else give you advice on your encryption, it better be strong encryption so your advisor can't easily decode your messages if/when he intercepts them. The catch 22 is you can't determine the strength of your encryption unless you're a fairly knowledgable cryptographer yourself, in which case you don't need anyones advice on how to secure your communication in the first place. If you're truly paranoid, you don't trust anyone.
where you can name yourself adolf hitler and list child pron
Mensa members are hot?