Slashdot Mirror
Al-Qaeda Used Basic Codes, Calling Cards, Hotmail
jd writes "In startling revelations, convicted terrorist Ali Saleh Kahlah al-Marri admitted that Al Qaeda used public telephones, pre-paid calling cards, search engines and Hotmail. Al-Marri 'used a '10-code' to protect the [phone] numbers — subtracting the actual digits in the phone numbers from 10 to arrive at a coded number.' The real story behind all this is that the terrorists weren't using sophisticated methods to avoid detection or monitoring — which tells us just how crappy SIGINT really is right now. If the NSA needs to wiretap the whole of the US because they can't break into a Hotmail account, you know they've got problems. FindLaw has a copy of al-Marri's plea agreement (the tech-related information begins on page 12), and the LA Times has further details on his case."
The real story behind all this is that the terrorists weren't using sophisticated methods to avoid detection or monitoring â" which tells us just how crappy SIGINT really is right now. If the NSA needs to wiretap the whole of the US because they can't break into a Hotmail account, you know they've got problems.
No, no I don't know that they have problems. You have presented little to no proof they have problems. So your suggestion is that they not only wiretap the whole US but also break into every e-mail account they suspect of terrorist activity?
Yes, sometimes the simplest precautions can thwart the greatest and most expensive intelligence gathering equipment and teams. You have to live with that. I am not defending their actions to wiretap all or even part of the United States but, please, tell us how they were supposed to know that this was the Hotmail account they wanted to crack without doing anything illegal to get this information. I mean, hindsight is 20/20 but you apparently have some gift so tell us how you would have known which e-mail account to crack into. Boy, it sure must be easy to criticize a case when you know just enough details to make you a genius investigator.
I guess I didn't expect to find the kind of stupidity on the front page of Slashdot complaining that the National Security Agency's civilian e-mail surveillance isn't up to snuff while sneaking in a jab about their phone surveillance being too pervasive.
My work here is dung.
On TV, intelligence agencies can break any code before the commercial break. In real life, it's a little bit different.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
SIGINT isn't the right tool for tracking terrorist cells anyway. They don't generate enough signals.
I mean, you can tap and analyze every cable satellite and radio transmission in the world and still be completely oblivious to a small group of people in a basement somewhere.
What's needed is informers, agents and detective work.
I don't know where this concept came from that this crime had to be high tech.
I know, I know, the initial response from some was that the alleged terrorists weren't smart enough to come up with this and some morons ate that up. Even this past winter I had someone tell me that the terrorist plot was too sophisticated for a non-government entity.
There is nothing surprising about this. Aside from piloting the planes this plan had all the sophistication of a junior high word problem in a mathematics course.
"If Habbib leaves Boston at 7:20 AM and Mohammad leaves Washington D.C. at 7:35 AM what time will they get to The World Trade Center?"
Dedicated Cthulhu Cultist since 4523 BC.
But that's hard...
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
If they just look at the NSA's electric bill they will see that the NSA is primarily focued on detecting signals. You'd expect that any terrorist with half a break would avoid using signals.
There is no technological way to fight terrorism, technology helps the troops in the field but it does not do the job. Humans have to do the job. Just like we cannot expect AI or robots to fight crime. Humans have to do the real work.
What an arrogant way of looking at things. Not everyone is motivated by money you know, and just because someone may have a job that pays great doesn't mean they are somehow smarter than someone who's job don't pay so great. It just means they are more concerned with making a buck than with making a difference. Look at all the highly motivated people in the FOSS community, do you fault them for putting so much effort into open source projects for little to (more commonly) no compensation?
Were you part of the investigation? Did you have any inkling of what could've been done to catch them sooner? If they answer is no then you hardly have any right to criticize them. If the answer is yes then what kept from helping out? Oh wait, it was the money, right?
God, schmod. I want my monkey man!
how completely clueless it is. Let's see ...
(1) The NSA doesn't wiretap the US. For all the hysteria, the NSA is only looking at calls crossing the border. Inside the US its FBI, and the Feebies are very jealous of that.
And it certainly doesn't wiretap the whole US, because there's so much ohone traffic and 0.999999 of it is uninteresting.
(2) Could the NSA hack -- could DoJ simply subpoena -- the contents of a hotmail account? You bet ... but which hotmail account? alQaedaDeathtoAmerica@hotmail.com? Or fluffibuni387? Or what?
(3) Now, with prepaid phone cards etc. If I'm getting this, you're saying NSA is bad because they can't get intel from something like a prepaid phone. Now think it through: Achmed al Boomaboom goes into WalMart, and buys condoms, a bag of Fritos, and a prepaid phone. He makes six "busines" calls, talking in code words, calls a hooker, and throws the phone away. How is the NSA supposed to figure out which phone it is, and capture the phone calls, before he pitches the phone.
More to the point, how can they intercept those phone calls without intercepting all calls, or at least all prepaid cell calls?
"...has been based on a false premise."
I think you misspelled 'lie'.
The NSA knows exactly how well SIGINT works against terrorists who use code words, personal ads in newspapers, etc.
The terrorists also know how ineffective the NSA is against such things.
The government selling wiretapping on the basis of catching terrorists is a very transparent lie.
No sig today...
So, let me understand this - you've never actually worked for the CIA, instead rejecting their offer, yet you know exactly what goes inside the CIA based on the fact that you place money as a higher consideration and rejected their offer?
Not to mention the logical contradictions in your writeup - the applicants/hire cannot both be 'really smart' (as in your first paragraph) and 'pinheads' (third paragraph). I smell stereotyping and more than a little self aggrandizement.
Were you part of the investigation? Did you have any inkling of what could've been done to catch them sooner? If they answer is no then you hardly have any right to criticize them. If the answer is yes then what kept from helping out? Oh wait, it was the money, right?
Yeah, here's how you catch terrorists: you train intelligence agents in detective work and in the languages you expect your enemies to use. Then you send people to infiltrate the terrorist cells.
But that requires paying humans a living wage to do real, human work! We can't do that! We'll have to rely on SIGINT machines.
That's true. For every 999 plots they successfully foil, you only hear about the one that got through.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
By offering low wages, government agencies thin down the pool of potential workers they can draw from. Of course they have a responsibility to spend wisely, and certainly personnel costs will add up to impressive sums, but this is military and intelligence we're talking about. The US government spends quite a lot on equipment. Personnel and hardware are both assets (although one would hope the human assets are considered less expendable than the material ones), why is it OK to spend significant portions of a country's GDP on one type of asset in order to increase security and then skimp on another type of asset?
Back last summer, I took a grad school course in Signals Intelligence, and one of the things I had to read was a paper by Matthew Aid titled "All Glory is Fleeting," which was about the use of Sigint prior to 9/11. It was quite a surprising paper, because the one word I would never have thought to use for Al-Qaeda was "incompetent."
But, in fact, in their early years, they were. Up until about 1997 or 1999, their signals discipline was nonexistent. They gave bin Laden a satellite phone (because, frankly, Afghanistan is the worst possible place in the world to try to run an international terrorist "organization" from - I say "organization" because Al-Qaeda doesn't strictly exist as an organization...it is instead a network of networks with very loose ties from one cell to another), and the NSA listened in to every phone call. And, by the way, in these phone calls, the various terrorists talked openly about their operations. So, the NSA passed the information on to the appropriate police force, and terrorist ops went bad, one after the other.
At some point, though, Al-Qaeda clued in to the fact that the satellite phone was being listened to. One story goes that the Washington Post leaked it, and terrorists read the newspapers too. So, the phone went silent, other means of communication were used, and Al-Qaeda ops actually began to work.
Sigint isn't easy to sort through at the best of times, though. You have to first pick out the signal (relevant material) from the noise (irrelevant material and deception), and then figure what the signal actually means. So, if a Saudi under suspicion talks on the phone about going to the United States for a "business meeting," it could mean that he's meeting members of a terrorist cell...or going to an actual business meeting...or he could be cover for somebody else going to the terrorist meeting. Incompetent Al-Qaeda was easy when it came to sorting the signals from the noise - current Al-Qaeda isn't.
Robert B. Marks
Author, Demonsbane in Diablo Archive
Amazon reviews are useless when it comes to getting reliable information. And I say that as the author of 1500 Amazon reviews (generally written for my own pleasure and notetaking). Articles in The Atlantic and, more importantly, the European Parliament's 2001 report on ECHELON suffice to show that Bamford was right more often than he was wrong.
Exactly.
How does the author propose we detect whether a 10-digit number is a telephone number, or even that it has been shifted in such a manner? The more sophisticated ciphers seem like they would be easier to detect than 10-coding simply because of the nature of telephone numbers as containing little specific information.
The real question is, how many different permutations of 10-digit telephone numbers in suspect areas exist, and how many of these numbers can be decoded from the simply coded telephone number. We know now that it's ten-coded, but even if we assumed some other numerical shift, or even a digit-dependent shift of some kind, we might still be looking at a huge number of possibilities.
I challenge him or her to answer the following questions about the following ten-digit number:
2213684949
Is it a telephone number?
Is it encoded in some way?
How is it encoded?
How do we know that we have guessed the encoding method correctly?
How can we reverse the decoding?
The people who try to trivialize this sort of work are ignorant, and have little to no training in the fields that they lambast.
And on the subject of pay for a different manner of service, why do we try to attract people qualified to teach Mathematics and Science by raising the bar for the qualifications but keeping the pay at the same level for 10 years?
Because taxpayers want something for nothing.
SRSLY.