Slashdot Mirror
Mafia Boss Using Crook Crypto Captured
boggis writes "Discovery is running a story on Bernardo Provenzano, the recently arrested 'boss of bosses' of the Sicilian Mafia. He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher, which was easily cracked by the police and resulted in further arrests of collaborators. Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."
God, he used a simple (rot3) substitution Cipher, with not even a Vigenère keyword and didn't expect it to get broken?
People have been using frequency analysis for over a thousand years to crack substitution ciphers!
There are shills on slashdot. Apparently, I'm one of them.
You see, now if you want to do secure pencil and paper ciphers here's how you do it.
Self-shrinking generators are broken but the best attack requires an insane amount of plain-text. Far, far, more than you could ever generate by hand. If Mr Mafia had used this instead of a crappy cipher from two thousand years ago then he might not have been caught.
Throughout history lives have literally depended on the strength of the cryptography people have deployed. I find it exciting that these times are still with us and are not mearly confined to the history books.
Simon
8 jqe3 y8j qh 9rr34 y3 d97oeh[5 43r7w3.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
these people to be brain surgeons did you?
Quality Hosting e3 Servers
He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher
To put that into computer terms, he ROT13ed the text. This sort of cipher was used by Caesar not because it was secure, but because most people couldn't read. Even those that could read undoubtedly lacked sufficient education to consider a cryptoanalysis of the text. But if someone does consider a cryptoanalysis, it is incredibly easy to break this cipher.
Simply substituting the first letter with each letter of the alphabet allows for a brute force attempt at decoding by then replacing the rest of the letters with the exact same offset used on the first character. This method ensures that the message will be decrypted even if the alphabet has additional characters. (Either for purposes of obfuscation or additional information.) The only method that can be used to prevent an attacker from using this simple decoding method (you don't even need a computer!) is to mangle the alphabet somehow. For example, if the alphabet is backwards an attacker would have more trouble decrypting the cipher. Even then, however, a simple statistical analysis on the occurance of the letters would quickly decrypt the message and reveal the secret alphabet used.
That being said, this particular mobster was smart enough to realize that a simple cipher like this would be insufficient to deter a decoder. So he attempted to confuse would-be attackers by using a number code to obscure names. I imagine that he thought that attackers would assume that he was using a codebook to keep track of the assigned names. Unfortunately (for him), his 8th grade education was obviously insufficient for him to know that his number sequences are very similar to compression techniques. Anyone with experience would note that the codes were far too long, and that the number 1 appeared quite often. Its appearance suggests that its a "trigger" for interpreting the next number differently.
So there you have it, security through obscurity does not work.
Javascript + Nintendo DSi = DSiCade
Also seized from his rooms were records for bookies operations filling several Barbie diaries with real plastic locks, and hit orders folded tightly into paper origami footballs.
Slashdot Burying Stories About Slashdot Media Owned
your kid sister you insensitive clod!
this book. I found it an enjoyable yet educational walk through the history of encoding/decoding. Cool stuff. I guess Sicilian mobsters typically aren't Mensa members...
... but it still took the police almost 50 years to catch him
so he must've been doing something right. I imagine the ceaser
code was simply to prevent other knuckle dragging criminals from
understanding the message, not a load of top crypto crackers
at police HQ.
Stand back!
Behold twice the power of a ROT13 used twice!
There was an American mobster a few years ago who did something using PGP, and the only way the FBI were able to crack it was to bug his keyboard http://www.theregister.co.uk/2000/12/06/mafia_tria l_to_test_fbi/
"Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."
Considering my kid sister is a mathematician at NSA... Hmm, maybe he meant a hypothetical kid sister?
Looks like the mafia boss was pretty 1337 ;)
Odds are if you were holding one of the Godfather's messages long enough to decipher it, that means you had to get it from someone in the mafia. They took these from him, which is one thing. Of course you can do that if you're the police/fbi/etc. and you've captured the boss. If you're just some shmoe, you can break the code all you want, the boss is still coming after you.
stuff |
hear he tried yEnc but was flamed by henchmen that preferred uuencode.
I have a feeling this was more about the man seeing himself as a "Cesar", than encryption methodology however.
"Humans are considered to be primitive, the third smartest species on Earth"
Be sure to drink your ovaltine?!
There's all sorts of ciphers that could be used. Unfortunately, usually the weak points are not the system but the people. In this case the cipher was easy to crack. But you could have an almost unbeatable system like a one-time pad like the Soviets used during the Cold War. However, low level lackeys re-used the pads, allowing the US to break some of their messages. During WWII, German coders did things like not changing the daily cipher key or sending the same message at the same time every day but using a different cipher.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Thanks to the DMCA, he does not need to have a strong cypher, since this law makes it illegal to decrypt it anyways!!!
Perhaps. Or, more probably, Italian alphabet only has 21 letters. As a side note, you live in US, don't you?
Even the mafia has its PHBoB's.
... the original
The (poor) cryptography used by Bernardo Provenzano (more accurate infos in the Italian page) was meant to be used only by himself to avoid possible sneakes by his waiters. That was enough.
The important point is that he managed to stay at large, not as a fugitive, in the neighbourhood of Corleoni (Sicily, Italy) for almost 43 years without being noticed or identified and while still heading at full steam the Cosa Nostra!
So, as far as security and privacy is concerned, a good design can make poor technology rock!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Had he used a more secure algorithm, such as the one described, he would have needed to have kept the key (the appropriately shuffled deck of cards) somewhere, which police would just as easily have found at his home. Or we would have needed to remember the 108 bit number in his head, but somehow I doubt he would have gone through such length. He was a mafioso, not a memory genius.
The cypher may have been good enough for some purposes - e.g. the couriers may not have been able to understand them, and thus been unable to carelessly talk about them. It's not likely that all of them were terribly smart. Also, even delaying decoding for a little while already has a positive effect for someone who is on the run.
The system appears to have worked well enough for 40 years. In fact the police state that it's exactly this low-tech approach which enabled him to escape for so long. I do hope the flaws in his system will keep him locked up for the rest of his live.
Do you have any information on the break? I just did some searching and couldn't find anything about it. At the bottom of Bruce Schneier's page on Solitaire there is a link to an article Problems with Bruce Schneier's "Solitaire" by Paul Crowley, but it's dead. Is this what you're referring to?
w ww.ciphergoth.org/crypto/solitaire/
(The article does exist in the Internet Archive at
http://web.archive.org/web/20050206214237/http://
It does describe what sound like they might be some problems with the randomness of the keystream, but it doesn't seem like a complete break. Sorry for pasting the address, but Slashdot doesn't seem to like IA links much.)
Anyway, I'd be curious in knowing what the problems with it are.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
He is just like any other technical layman. He had a false sense of security by using some form of security.
I dont know how many managers, executives, or non IT type people I have talked to that think once the firewall is in place we never have to think about it again. Or now that we have an antivirus we can go and do whatever we want and not worry about downloads and such again.
Then they turn the deaf ear until... unfortunately for this guy its going to cost him more than just a few dollars and some downtime.
We cannot be sure that Provenzano's crude attempts at a code were intended to foil the police. Why should he care? By now, several hundred Mafia informers (the pentiti) have already told the police just about everything you could think of. Besides, pencil and paper have turned out to be quite a good system, probably yielding a fraction of the information that electronic eavesdropping would.
The coded notes are more likely have been intended to prevent his fellow mafiosi from getting too close and knowing too much. There was nothing dumb about this man's rule as a godfather. He evaded capture for forty years, rebuilt the organization after the disasters of the Riina years, retained power by remaining as invisible to his fellow mobsters as he was to the authorities, and simply survived into his 70s in a "profession" in which many are lucky to reach their thirties.
Yes, it's good news that another gruesome killer is behind bars. But the more worrying question is why the godfather found it unnecessary to take more stringent precautions, suggesting that clearing out the Mafia-infested lands of Western Sicily and the corruption-prone "public works" economy still has a very long way to go. It's going to take more than a few smart remarks about cryptography to do that.
Las qué passoun
tournoun pas maï
Frankly, I'm surprised that someone who's responsible for moving around millions, or even perhaps billions, of dollars of ill-gotten gain won't spend $250K a year on a team of competent IT consultants. I wouldn't think it'd be too hard to find a bent IT guy to give advice on security, encryption, what can be recovered from a hard drive etc. Either they think they're too smart to be caught this way, or they think the cops are too dumb to break their encryption, or they just haven't modernized their business practices because they think the old ways still work.
Interestingly, by all accounts Al Queda is much more technically savvy.
--
$tar -xvf
For this, I turn to the advise of Mark Twain:
He is completely correct - there's no need for letters if they sound like others. Bekause of this, I suggest that we should follow in his footsteps.
8 jqe3 y8j qh 9rr34 y3 d97oeh[5 43r7w3.
I made him an offer he couldnot refuse.
wow.That missing space almost threw me off.
Hey this ain't no ROT, you cheat.
Helful links:
http://www.infoplease.com/applets/xwordsearch.php
http://www.fizzl.net/projects/crypto/
http://www.mcld.co.uk/decipher/
If you're interested in this kind of thing- or just looking for a good read- try picking up Excellent Cadavers. It's the story of two Italian judges who finally tire of the fear, the silence, and the corruption, and take on the Mafia; the article makes reference to this guy being involved in the murders of two judges and I assume that's who they're referring to. It's one of the best nonfiction books I've ever read- it really gets into the characters but also gets into the social underpinnings and economics of the Mafia. It's a tragic book because the judges end up assassinated, but it's also really inspiring because they refuse to back down, they refuse to compromise, and at the price of their lives they dealt a crippling blow to the Sicilian Mafia.
where you can name yourself adolf hitler and list child pron