Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mafia Boss Using Crook Crypto Captured

Posted by ryuzaki0 on from the never-heard-of-pgp-and-email dept.

boggis writes "Discovery is running a story on Bernardo Provenzano, the recently arrested 'boss of bosses' of the Sicilian Mafia. He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher, which was easily cracked by the police and resulted in further arrests of collaborators. Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."

23 of 378 comments (clear)

  1. Substituion Cipher? by Whiney+Mac+Fanboy · · Score: 4, Informative

    God, he used a simple (rot3) substitution Cipher, with not even a Vigenère keyword and didn't expect it to get broken?

    People have been using frequency analysis for over a thousand years to crack substitution ciphers!

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:Substituion Cipher? by holdenholden · · Score: 4, Funny

      Yeah, but the Police were in clear violation of the DMCA ;-).

    2. Re:Substituion Cipher? by courtarro · · Score: 4, Insightful

      Even worse, people decode random-substitution ciphers in newspapers daily, for fun. A rotating cipher is even easier to break since the letters remain sequential. I guess we could give the guy a break though, since, according to the article, he only has about a 3rd-grade education.

  2. If only.. by Ckwop · · Score: 5, Interesting

    You see, now if you want to do secure pencil and paper ciphers here's how you do it.

    Self-shrinking generators are broken but the best attack requires an insane amount of plain-text. Far, far, more than you could ever generate by hand. If Mr Mafia had used this instead of a crappy cipher from two thousand years ago then he might not have been caught.

    Throughout history lives have literally depended on the strength of the cryptography people have deployed. I find it exciting that these times are still with us and are not mearly confined to the history books.

    Simon

    1. Re:If only.. by Redwin · · Score: 5, Informative

      Considering ancient cyphers, if I remember correctly the ancient Chinese used to write messages Ceaser cypher style messages on fabric that had to be wrapped around a pole. The pole had to be the exact length and thickness or the text wouldn't align up and the decyphering process couldn't be started. If anyone was stopped, they could hand over the fabric covered in text and it would be meaningless without knowing what kind of pole was used to algin everything up.

      --
      Warning, comments may not have been passed by the sanity department of my brain.
    2. Re:If only.. by David+Mazzotta · · Score: 5, Funny

      I'm just trying to imagine the look on Paulie Walnuts' face as you explain that.

    3. Re:If only.. by anotherone · · Score: 5, Insightful

      Trivial to break. Wrapping the cloth around a pole is just an easier way of looking at every x letters. It'd take about 2 minutes to brute force the value for x manually, a program with a dictionary could do it in milliseconds.

      --
      Username taken, please choose another one.
  3. Not very smart by AKAImBatman · · Score: 4, Informative

    He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher

    To put that into computer terms, he ROT13ed the text. This sort of cipher was used by Caesar not because it was secure, but because most people couldn't read. Even those that could read undoubtedly lacked sufficient education to consider a cryptoanalysis of the text. But if someone does consider a cryptoanalysis, it is incredibly easy to break this cipher.

    Simply substituting the first letter with each letter of the alphabet allows for a brute force attempt at decoding by then replacing the rest of the letters with the exact same offset used on the first character. This method ensures that the message will be decrypted even if the alphabet has additional characters. (Either for purposes of obfuscation or additional information.) The only method that can be used to prevent an attacker from using this simple decoding method (you don't even need a computer!) is to mangle the alphabet somehow. For example, if the alphabet is backwards an attacker would have more trouble decrypting the cipher. Even then, however, a simple statistical analysis on the occurance of the letters would quickly decrypt the message and reveal the secret alphabet used.

    That being said, this particular mobster was smart enough to realize that a simple cipher like this would be insufficient to deter a decoder. So he attempted to confuse would-be attackers by using a number code to obscure names. I imagine that he thought that attackers would assume that he was using a codebook to keep track of the assigned names. Unfortunately (for him), his 8th grade education was obviously insufficient for him to know that his number sequences are very similar to compression techniques. Anyone with experience would note that the codes were far too long, and that the number 1 appeared quite often. Its appearance suggests that its a "trigger" for interpreting the next number differently.

    So there you have it, security through obscurity does not work.

    --
    Javascript + Nintendo DSi = DSiCade
  4. High security. by Rob+T+Firefly · · Score: 4, Funny

    Also seized from his rooms were records for bookies operations filling several Barbie diaries with real plastic locks, and hit orders folded tightly into paper origami footballs.

    --
    Slashdot Burying Stories About Slashdot Media Owned
  5. I AM.... by i_want_you_to_throw_ · · Score: 4, Funny

    your kid sister you insensitive clod!

  6. OK , he doesn't know cryptography... by Viol8 · · Score: 5, Insightful

    ... but it still took the police almost 50 years to catch him
    so he must've been doing something right. I imagine the ceaser
    code was simply to prevent other knuckle dragging criminals from
    understanding the message, not a load of top crypto crackers
    at police HQ.

  7. Behold the power of ROT13 times 2! by Dark+Coder · · Score: 4, Funny

    Stand back!

    Behold twice the power of a ROT13 used twice!

    1. Re:Behold the power of ROT13 times 2! by Jugalator · · Score: 4, Funny

      Arrgh! I just see a sequence of ASCII characters now! B... e... h... What the hell did you do!?

      --
      Beware: In C++, your friends can see your privates!
  8. Keep my kid sister out!? Impressive! by 2short · · Score: 4, Funny

    "Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."

    Considering my kid sister is a mathematician at NSA... Hmm, maybe he meant a hypothetical kid sister?

  9. Re:You didn't expect by qwijibo · · Score: 4, Insightful

    A good leader would delegate tasks like communication security to someone who could do that well. However, I get the feeling that someone who dropped out of school at 8 and became a mob boss may not have been keeping up to date on the latest management training strategies. =)

  10. And the secret message is... by rehtonAesoohC · · Score: 4, Funny

    Be sure to drink your ovaltine?!

  11. Cryptography is not the important point by VincenzoRomano · · Score: 4, Informative

    The (poor) cryptography used by Bernardo Provenzano (more accurate infos in the Italian page) was meant to be used only by himself to avoid possible sneakes by his waiters. That was enough.
    The important point is that he managed to stay at large, not as a fugitive, in the neighbourhood of Corleoni (Sicily, Italy) for almost 43 years without being noticed or identified and while still heading at full steam the Cosa Nostra!
    So, as far as security and privacy is concerned, a good design can make poor technology rock!

    --
    Maybe Computers will never be as intelligent as Humans.
    For sure they won't ever become so stupid. [VR-1988]
  12. Solitaire by Kadin2048 · · Score: 4, Informative

    Do you have any information on the break? I just did some searching and couldn't find anything about it. At the bottom of Bruce Schneier's page on Solitaire there is a link to an article Problems with Bruce Schneier's "Solitaire" by Paul Crowley, but it's dead. Is this what you're referring to?

    (The article does exist in the Internet Archive at
    http://web.archive.org/web/20050206214237/http://w ww.ciphergoth.org/crypto/solitaire/
    It does describe what sound like they might be some problems with the randomness of the keystream, but it doesn't seem like a complete break. Sorry for pasting the address, but Slashdot doesn't seem to like IA links much.)

    Anyway, I'd be curious in knowing what the problems with it are.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  13. Crude, maybe, but dumb, no way by FishandChips · · Score: 5, Interesting

    We cannot be sure that Provenzano's crude attempts at a code were intended to foil the police. Why should he care? By now, several hundred Mafia informers (the pentiti) have already told the police just about everything you could think of. Besides, pencil and paper have turned out to be quite a good system, probably yielding a fraction of the information that electronic eavesdropping would.

    The coded notes are more likely have been intended to prevent his fellow mafiosi from getting too close and knowing too much. There was nothing dumb about this man's rule as a godfather. He evaded capture for forty years, rebuilt the organization after the disasters of the Riina years, retained power by remaining as invisible to his fellow mobsters as he was to the authorities, and simply survived into his 70s in a "profession" in which many are lucky to reach their thirties.

    Yes, it's good news that another gruesome killer is behind bars. But the more worrying question is why the godfather found it unnecessary to take more stringent precautions, suggesting that clearing out the Mafia-infested lands of Western Sicily and the corruption-prone "public works" economy still has a very long way to go. It's going to take more than a few smart remarks about cryptography to do that.

    --
    Las qué passoun
    tournoun pas maï
  14. Re:You didn't expect by lRem · · Score: 4, Insightful

    Given that he steered the mafia for 50 years, evading the police and keeping control over the organisation at the same time, furthermore without usage of any modern technology including cryptography... Well, I would call him a good leader. Probably way better than your typical manager with a bucket load of certificates.

    --
    Always put off dealing with time-wasting morons. If you would like to know how... I'll get back to you
  15. Re:Wouldn't have helped in this case anyways... by TubeSteak · · Score: 5, Interesting

    I think an appropriately shuffled deck of cards would be somewhat innocuous.

    If the police aren't looking for something like a deck-of-cards-as-key, then they won't find the key, all they'll find is a deck of cards.

    I only say this because I recall reading an article some years back about drug dealers storing their business information on USB thumbdrives & wearing them as necklaces or on keychains. The police would arrest the dealer, but since the police didn't know what they had, the thumbdrive was treated as any other possesion & sealed up till the dealer was released.

    You're still hiding your 'key', you're just hiding it in plain site & hoping no one sees it for what it is.

    --
    [Fuck Beta]
    o0t!
  16. Re:Most interesting part... by Sigma+7 · · Score: 4, Interesting
    ...wasn't that he was using an obsolete code, but that the Italian alphabet is missing k, j, w, x, and y.

    Just how the heck can they express themselves without those letters? That must leave pretty big holes in their keyboards!


    For this, I turn to the advise of Mark Twain:

    A Plan for the Improvement of English Spelling
          by Mark Twain

    For example, in Year 1 that useless letter "c" would be dropped to be replased either by "k" or "s", and likewise "x" would no longer be part of the alphabet. The only kase in which "c" would be retained would be the "ch" formation, which will be dealt with later. Year 2 might reform "w" spelling, so that "which" and "one" would take the same konsonant, wile Year 3 might well abolish "y" replasing it with "i" and Iear 4 might fiks the "g/j" anomali wonse and for all. Jenerally, then, the improvement would kontinue iear bai iear with Iear 5 doing awai with useless double konsonants, and Iears 6-12 or so modifaiing vowlz and the rimeining voist and unvoist konsonants. Bai Iear 15 or sou, it wud fainali bi posibl tu meik ius ov thi ridandant letez "c", "y" and "x" -- bai now jast a memori in the maindz ov ould doderez -- tu riplais "ch", "sh", and "th" rispektivli. Fainali, xen, aafte sam 20 iers ov orxogrefkl riform, wi wud hev a lojikl, kohirnt speling in ius xrewawt xe Ingliy-spiking werld.


    He is completely correct - there's no need for letters if they sound like others. Bekause of this, I suggest that we should follow in his footsteps.
  17. Re:IT Consultant by Motherfucking+Shit · · Score: 4, Funny
    I wouldn't think it'd be too hard to find a bent IT guy to give advice on security, encryption, what can be recovered from a hard drive etc.
    Hmm.. you're right..

    Hello, mafia! For $250K/year, I am an IT guy who can give advice on security, encryption, what can be recovered from a hard drive etc. In addition to IT, I enjoy pasta, Chianti, parmigiano, and pitted olives (preferably all in one night). Salary is negotiable if you can provide an "Italian woman," something I keep hearing about but, being a geek, haven't figured out the details of just yet.

    References available upon request.
    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.